Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Using fschange to monitor files on linux server from windows splunk server

tasdienes
Engager
‎07-05-2011 09:22 PM

I have splunk running on windows. I want to monitor the /etc directory on a linux server with fschange. Is that possible?

How would I specify the path? [fschange://servername/etc] ?

How should I enable splunk (which runs under a Windows AD domain account) to read the files on the linux server? I could share them with samba, but splunk wouldn't know how to handle the login credentials...

Tags (3)
0 Karma
Reply
Highlighted

Re: Using fschange to monitor files on linux server from windows splunk server

mzorzi
Splunk Employee
Splunk Employee
‎07-06-2011 05:07 AM


You might want to install a light forwarder in the linux server, sending the data to the Windows Indexer.

You can even decide to use a cross filesystem solution like samba, but I believe you will encounter all sorts permissions and performance problems

Reply
Highlighted

Re: Using fschange to monitor files on linux server from windows splunk server

tasdienes
Engager
‎07-06-2011 09:40 AM

Thanks, I'll give that a try.

0 Karma
Reply