Using fschange to monitor files on linux server fr...

tasdienes · ‎07-05-2011

I have splunk running on windows. I want to monitor the /etc directory on a linux server with fschange. Is that possible?

How would I specify the path? [fschange://servername/etc] ?

How should I enable splunk (which runs under a Windows AD domain account) to read the files on the linux server? I could share them with samba, but splunk wouldn't know how to handle the login credentials...

mzorzi · ‎07-06-2011

You might want to install a light forwarder in the linux server, sending the data to the Windows Indexer.

You can even decide to use a cross filesystem solution like samba, but I believe you will encounter all sorts permissions and performance problems

tasdienes · ‎07-06-2011

Thanks, I'll give that a try.

Using fschange to monitor files on linux server from windows splunk server

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Using fschange to monitor files on linux server from windows splunk server

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >