I currently need to provide our mid-range team with some config to begin monitoring Windows registry data on a Win03 box running Splunk Universal Forwarder.
The problem is this: I have pretty much zero knowledge of the Win-specific stuff; I only deal in the Linux space.
So, after trawling the net, I have come up empty on the "exact" required changes to Splunk .conf files in order to enable Windows registry monitoring.
We currently have the forwarder installed and monitoring Windows events, which is working successfully.
Is anyone able to give me some example config to monitor Windows registry events?
The thing I would be most interested in is the additions required to inputs.conf.