Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

universal forwarder cannot find the path which I want to specify

p1004
New Member
‎11-11-2013 03:36 PM

When I install the universal forwarder on my DHCP server, I want to monitor the DHCP folder under system32, but from the software, when I use "path to monitor", I cannot find the DHCP folder through Directory, can you let me know why?

Tags (2)
0 Karma
Reply

Runals
Motivator
‎11-11-2013 05:10 PM

You using the case sensitive path to your logs? Since you haven't posted the path to your own and you mention system32 I'm guessing the path is the default one. This has worked for me. 

[monitor://C:\WINDOWS\system32\dhcp]
sourcetype = DhcpSrvLog
crcSalt = <SOURCE>
disabled = false
whitelist = Dhcp.+\.log
Reply

p1004
New Member
‎11-11-2013 04:02 PM

Thanks for your answer, I am running a domain admin account, and it is in the local admin group, the permission should not be a problem.

0 Karma
Reply

ShaneNewman
Motivator
‎11-11-2013 03:54 PM

Is Splunk setup to run as a system account or a domain account? If it is setup as a domain account, it may not have the correct permissions to that directory.

0 Karma
Reply

ShaneNewman
Motivator
‎11-11-2013 04:13 PM

If you browse the folder directory as the domain account on the server itself, can you see the files you want to monitor?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...