Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

FSCHANGE recurse issue

chaben
Engager
‎05-19-2014 06:49 AM

Hello,

I want to watch .so .bin files in the /etc/security and its subfolders.

I applied a whitelist filter and a blacklist filter:

[filter:whitelist:whitelist_f]
regex1 = (.+.so$|.+.bin$)
[filter:blacklist:blacklist_f]
regex1 = .*

Paramètres du File System Change Monitor pour le dossier /etc

[fschange:/etc/security/]
recurse = true
filters = whitelist_f,blacklist_f

Result : i can see the .so and .bin on /etc/security and not in the subfolders.

I guess that fschange apply the filters on the subfolders name too.
I tried to write some regex to include some subfolders but i dont get the waited result.

example of tried regex :

regex1 = ^/etc/security/*/(.+.so$|.+.bin)$

regex1 = ^/etc/security/.../(.+.so$|.+.bin)$

regex1 = ^/etc/security/(.+.so$|.+.bin)$

Any idea is welcome,

Thanks in advance,

Chaben

Tags (3)
Reply

chaben
Engager
‎05-20-2014 01:32 AM

Thanks for your reply lukejadamec, i tried on Splunk Enterprise 6 but it doesn't work: No file added.

0 Karma
Reply

lukejadamec
Super Champion
‎05-19-2014 08:05 AM

I believe you need to make the change in the source, not the regex:

[fschange:/etc/security/...]

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...