Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

fsmonitor question

diegosainz
Path Finder
‎04-22-2013 08:24 AM

Is it possible for a file monitored with fsmonitor to send an alert on any difference of the file? or would monitoring the file be able to provide that visibility.

Tags (1)
0 Karma
Reply

rnolette
Path Finder
‎04-22-2013 09:50 AM

if fsmonitor has a log file that generates events on file status changes then you can write a custom file monitor that will send the events to the splunk server. You then can create a realtime query Alert that will email you every time this event is triggered. I did this for checking when someone changes something on one of my servers that has a custom application on it.

0 Karma
Reply

diegosainz
Path Finder
‎04-23-2013 07:34 AM

Thank you. I will do that.

0 Karma
Reply

rnolette
Path Finder
‎04-22-2013 12:04 PM

oh. well you didn't say that. Does the file monitor not read in the file when it alerts you? I dont think you can do diff change monitoring from splunk. youd need a diff application to push the new copy to and the old copy then have splunk alert on what the diff application said changed. That would tell you but is a bunch of work. If the device is a network appliance, just use puppet or Cacti.

Reply

diegosainz
Path Finder
‎04-22-2013 11:56 AM

We have done that, we would like to know what has changed in the file.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...