Getting Data In

Monitor Windows Registry from Remote Server

gallantalex
Path Finder

Hi, I know I am able to monitor the registry on the local machine where Splunk is run. How about if I want Splunk to monitor the registry of several servers on our network. I thought I would be able to do this with WMI collections but I could not figure out how to specify which specific registry values I want to monitor.

If I setup Splunk on the servers which I want to monitor and let them monitor their local registries, will I be able to forward that information to the main Splunk indexer?

I am still just learning all of Splunk functionalities, so please provide specifics or let me know if I said stated something completely wrong.

Thanks.

Tags (1)
0 Karma
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

I don't think you can do this using WMI, at least not easily. However, yes, you can install Splunk Forwarders on each remote machine to monitor the registries and have them send that to to Splunk indexer.

View solution in original post

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

I don't think you can do this using WMI, at least not easily. However, yes, you can install Splunk Forwarders on each remote machine to monitor the registries and have them send that to to Splunk indexer.

0 Karma

gallantalex
Path Finder

Thanks for the replay. It is possible as you mentioned, but I have ran into so many other issue trying to implement it.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...