Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Windows universal forwarder with a static config f...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ng87
Path Finder
01-06-2022
11:09 AM
I was hoping if someone can help me. We are looking into deploying Sysmon and the Universal forwarder remotely in very specific circumstances ( suspicious activity on a host or by a user etc etc ) . I am struggling on being able to get the universal forwarder setup remotely. Essentially i just need the universal forwarder to forward the sysmon event logs ( Microsoft-Windows-Sysmon/Operational ) but i need to be able to do this remotely via command line or script.
I came across a Splunk article about setting up the forwarder with a static config which seemed good but looking into the config options it doesnt seem to allow you to specify what logs to collect - it gives you option of the usual Security , System , Application etc but doesnt appear to support anything else unless im mistaken?
Else anyone know if its possible to include a config file/parameters within the installer?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SinghK
Builder
01-06-2022
11:32 AM
you can download the addon splunk_ta_windows from splunk base and confugure using documetation availble here
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SinghK
Builder
01-06-2022
11:21 AM
I have the powershell script to remotely install the forwarder and the copy splunk ta windows to to apps directory I can send it over tomorrow.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ng87
Path Finder
01-06-2022
11:28 AM
so you can include the config options with you way ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SinghK
Builder
01-06-2022
11:44 AM
yes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SinghK
Builder
01-06-2022
11:32 AM
you can download the addon splunk_ta_windows from splunk base and confugure using documetation availble here
Get Updates on the Splunk Community!
Buttercup Games Tutorial Extension - part 9
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Buttercup Games Tutorial Extension - part 8
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Introducing the Splunk Developer Program!
Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...
