We have Linux servers for providing file sharing services like Samba and NFS. We need to monitor the user access activities to the files in the shared file system. Many posts of this community pointed to use Splunk's inputs.conf for monitoring file access. Some also pointed to using Linux's auditd to get the result. Currently our Splunk setting already collects data from audit.log.
What is the pro/con for using inputs.conf or auditd?
Thanks.