- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
File Integrity Monitoring - Splunk 6
With FSChnage being deprecated in Splunk 5.0, what is the best method in Splunk 6 to monitor folder/file changes?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

The term Deprecation is misleading many of our customers. The fact remains - Splunk continues to maintain a file integrity checking feature through ver 5 and into the current version. See the link below:
http://docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
The link is for version 6.0 and no longer exists.
"http://docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem"
You can use this link instead:
https://docs.splunk.com/Documentation/Splunk/9.2.2/Data/Monitorchangestoyourfilesystem
Although the contents of this document did not match the solution I wanted
In the SIM solution of ManageEngine company, it is possible to monitor a folder that has been Shared in such a way that if a file or folder is created, edited, renamed or deleted, it shows by which user and at what time and from which IP It happened.
I am looking for such a solution in Splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

1. It's a veeeeeery old thread (over 10 years since last post)
2. Monitoring changes to filesystem is a completely different issue than logging changes on a file sharing platform (regardless of whether we're talking NFS, CIFS, DAV...). First thing would be to make sure that the service itself can and will log relevant data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

The term Deprecation is misleading many of our customers. The fact remains - Splunk continues to maintain a file integrity checking feature through ver 5 and into the current version. See the link below:
http://docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did find this write up in the docs section, and this helped get me going in the right direction.
http://docs.splunk.com/Documentation/Splunk/6.0/Data/MonitorfilesystemchangesonWindows
I am always open for more suggestions, or an easier way to do this.
Thank you
