Hi all,
Since fschange is a deprecated feature post Splunk 5.0, I would like to know how to monitor Windows and Linux files/directories. For Windows, something comes to mind: enabling the auditing feature, either as a GPO or a local policy, but nothing on Linux. Please let me know what the best possible approach to do this is.
For Linux you could use auditd to configure what to audit where, and Splunk the log from /var/log/audit/audit.log.
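To show what the auditd approach suggested above leaves in `audit.log`, here is an added example (not part of the original thread) that joins the multi-line records of each audit event into one file-change event per path. The watch rule, the key name `fim`, the sample records and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records, as a watch rule like "-w /etc -p wa -k fim" would
# produce; the key "fim" and every value below are made up for illustration.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:401): syscall=257 success=yes auid=1000 uid=0 exe="/usr/bin/vi" key="fim"
type=PATH msg=audit(1700000000.123:401): item=0 name="/etc/" nametype=PARENT
type=PATH msg=audit(1700000000.123:401): item=1 name="/etc/passwd" nametype=NORMAL
type=SYSCALL msg=audit(1700000050.500:402): syscall=87 success=yes auid=1000 uid=0 exe="/usr/bin/rm" key="fim"
type=PATH msg=audit(1700000050.500:402): item=0 name="/etc/" nametype=PARENT
type=PATH msg=audit(1700000050.500:402): item=1 name=2F6574632F6120622E62616B nametype=DELETE
type=USER_LOGIN msg=audit(1700000060.000:403): pid=1300 auid=1000 msg='op=login res=success'
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; auditd hex-encodes strings with spaces etc."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # plain token such as (null)

def file_changes(log_text, key="fim"):
    """Join records sharing one audit event id and emit one row per changed path."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[event_id]
        if rtype == "SYSCALL":  # carries who/what: login uid, executable, rule key
            ev.update(time=float(event_id.split(":")[0]), auid=fields.get("auid"),
                      key=decode(fields.get("key", "")), exe=decode(fields.get("exe", "")))
        elif rtype == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append((decode(fields.get("name", "")), fields.get("nametype")))
    return [{"event": i, "time": e["time"], "auid": e["auid"], "exe": e["exe"],
             "path": p, "change": nt}
            for i, e in events.items() if e.get("key") == key
            for p, nt in e["paths"]]

if __name__ == "__main__":
    print(*file_changes(SAMPLE_LOG), sep="\n")
```

The records of one event share the id in `msg=audit(timestamp:serial)`, so a Splunk search over this log has to group on that id in the same way.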