Monitoring services and processes and which ports they use

test_qweqwe
Builder

Hi.
I know how to monitor processes and services in Windows, but I don't know how to see which port a process/service uses.
None of the logs I have right now, including the process/service logs, have any fields with ports.
For example, I want to make one table that includes service/process and port. How can I do this?

1 Solution

adigrio
Path Finder

On Splunk Windows 64-bit installations you can configure a Splunk network monitoring data input to collect this type of information:

[screenshot of the network monitoring data input configuration; image not preserved]

This will collect quite a lot of details about each TCP/IP connection on that system. Here is a sample list:

[screenshot of sample collected TCP/IP connection events; image not preserved]


ttovarzoll
Path Finder

This looks great, but I don't see an input type called "Splunk network monitoring" when I try to add it to my Splunk Enterprise 7.3 environment. Is that a particular add-on or app?


jacobpevans
Motivator

Splunk Add-on for Microsoft Windows

https://splunkbase.splunk.com/app/742/

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.

nickhills
Ultra Champion

Preempting your reply.

If your universal forwarders are *nix based, the splunk_TA_nix TA comes with an input called openPortsEnhanced.sh which you can enable.
Add the following to inputs.conf in the TA:

[script://./bin/openPortsEnhanced.sh]
disabled = false

It will yield results as follows:

Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8089 pid=34624 user=splunk fd=5u ip_version=4 dvc_id=46637453 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8000 pid=34624 user=splunk fd=53u ip_version=4 dvc_id=46655525 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=mongod dest_ip=* dest_port=8191 pid=36671 user=splunk fd=5u ip_version=4 dvc_id=46645516 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=python dest_ip=127.0.0.1 dest_port=8065 pid=36831 user=splunk fd=15u ip_version=4 dvc_id=46655518 transport=TCP
If my comment helps, please give it a thumbs up!
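As an added example that is not part of this thread or of the splunk_TA_nix add-on, the following Python parses events in the openPortsEnhanced.sh key=value format shown above into the per-process/port table the original question asked for. It also marks which listeners are bound to every interface (dest_ip=*) rather than loopback only, and compares the table against a baseline of expected ports per app so that a new or moved listener stands out. The sample events are constructed copies of the four lines above; the EXPECTED_PORTS baseline is an assumption for illustration, not something the thread states.

```python
import re

# Constructed sample input: events in the key=value format that openPortsEnhanced.sh emits
# (copied from the thread above; the timestamp prefix is part of each event).
SAMPLE_EVENTS = """\
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8089 pid=34624 user=splunk fd=5u ip_version=4 dvc_id=46637453 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=splunkd dest_ip=* dest_port=8000 pid=34624 user=splunk fd=53u ip_version=4 dvc_id=46655525 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=mongod dest_ip=* dest_port=8191 pid=36671 user=splunk fd=5u ip_version=4 dvc_id=46645516 transport=TCP
Mon Dec 18 16:43:54 GMT 2017 app=python dest_ip=127.0.0.1 dest_port=8065 pid=36831 user=splunk fd=15u ip_version=4 dvc_id=46655518 transport=TCP
"""

# Assumed baseline of which ports each app is expected to hold (illustrative, not from the thread).
EXPECTED_PORTS = {
    "splunkd": {8000, 8089},
    "mongod": {8191},
}

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
TS_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \w+ \d{4}) ")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one event line into a dict of its key=value fields plus the leading timestamp.

    Returns None for lines that do not carry the app and dest_port fields (blank or foreign lines).
    """
    m = TS_RE.match(line)
    body = line[m.end():] if m else line
    fields = dict(KV_RE.findall(body))
    if "app" not in fields or "dest_port" not in fields:
        return None
    fields["_time"] = m.group(1) if m else None
    fields["dest_port"] = int(fields["dest_port"])
    return fields


def parse_events(text):
    """Parse a block of event lines, skipping anything parse_event rejects."""
    return [e for e in (parse_event(l) for l in text.splitlines()) if e is not None]


def listener_table(events):
    """Aggregate events into one row per (app, transport, port): the PIDs holding the socket,
    the addresses it is bound to, and whether it is reachable from other hosts.

    dest_ip='*' in this feed means the socket is bound to every interface, so it counts as exposed;
    only sockets bound solely to loopback addresses are marked as not exposed.
    """
    rows = {}
    for e in events:
        key = (e["app"], e.get("transport", "?"), e["dest_port"])
        row = rows.setdefault(key, {"app": key[0], "transport": key[1], "dest_port": key[2],
                                    "pids": set(), "dest_ips": set()})
        row["pids"].add(e.get("pid"))
        row["dest_ips"].add(e.get("dest_ip"))
    table = sorted(rows.values(), key=lambda r: (r["app"], r["dest_port"]))
    for row in table:
        row["exposed"] = any(ip not in LOOPBACK for ip in row["dest_ips"])
    return table


def unexpected_listeners(table, expected=EXPECTED_PORTS):
    """Rows whose (app, port) pair is not in the baseline: new services, moved ports, or unknown apps."""
    return [r for r in table if r["dest_port"] not in expected.get(r["app"], set())]


if __name__ == "__main__":
    table = listener_table(parse_events(SAMPLE_EVENTS))
    print(f"{'app':<10}{'proto':<6}{'port':<7}{'exposed':<9}pids")
    for r in table:
        print(f"{r['app']:<10}{r['transport']:<6}{r['dest_port']:<7}{str(r['exposed']):<9}"
              f"{','.join(sorted(r['pids']))}")
    for r in unexpected_listeners(table):
        print(f"not in baseline: {r['app']} {r['transport']}/{r['dest_port']}")
```

Run as a script it prints one row per listener and then the entries that are not in the baseline (with the sample data, the python process on 8065). Inside Splunk the same grouping would be done with a search over the scripted input's sourcetype; the parser here exists so the logic can be checked offline against a copy of the raw events.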

test_qweqwe
Builder

Thank you for the answer!


nickhills
Ultra Champion

Is this on a universal forwarder - and which OS?

If my comment helps, please give it a thumbs up!