Hi, I would like to monitor all auth.log files in my Ubuntu system, but there are many auth.log files (e.g. auth.log, auth.log.1, auth.log.2.gz, auth.log.3.gz). How do I get Splunk to monitor all of them? Currently I am only able to monitor the auth.log file.
I too have the same issue. We are monitoring the RSA key file from some host and we are getting logs from all the sources excluding one source. The folder where the auth.log files are fetched is present on that host, but Splunk can't fetch the logs. The configuration of all the hosts is the same, and the permission on the auth.log dir is also the same for all the servers. Still not getting logs.