Hi,
I have a Splunk instance on Linux and I am trying to get Windows network information from an IIS web server, for example port number, protocol and IP address. I can get it to work on a Windows instance, just not from Linux. I'm not sure if it uses WMI; I just wondered if it was possible or would it need to be a PowerShell script?
Thanks
Joe
Hi @joe06031990,
you have to:
Ciao.
Giuseppe
Hi, I have done the below and can get all apart from the network logs for ports, IP addresses, etc.; the only network details I see are bytes in/out.
thanks
Joe
Hi @joe06031990,
Are you using Splunk TAs or custom inputs?
Did you try the Splunk Add-On for Microsoft IIS (https://splunkbase.splunk.com/app/3185/#/overview)?
Ciao.
Giuseppe
Hi,
I have the Splunk TA, IIS and Windows infrastructure app installed.
thanks
joe
Hi @joe06031990,
if the information that you can have from those TAs isn't sufficient for your needs, the only way is to write your own scripts to insert in a custom TA.
Ciao.
Giuseppe
I've added:
[WinNetMon://test]
addressFamily = ipv4;ipv6
direction = inbound;outbound
host = WIN-PIDFR5LUJC6
packetType = connect;accept
protocol = tcp;udp
Works fine now, thanks for your help.