Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does btool logs its usage somewhere?

jordanking1992
Path Finder
‎04-04-2018 06:39 AM

All,

Looking at some windows logs and came across the following commands ran on two separate computers. The "--no-log" concerns me and I can't seem to find if there is a place where logs would generate when this command is ran.

Has anyone seen or know why I would be seeing this? I am the only admin for these hosts so at first glance this looks like a bad actor.alt text

Preview file
20 KB
0 Karma
Reply

clozach
Path Finder
‎08-31-2020 11:07 AM

Hi did you ever determine what the root of this was? I'm seeing the same thing in my environment and would like to understand what's going on.

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎08-31-2020 11:44 AM

Can you try running btool with —no-log option and check if that’s displaying some output?

 

————————————
If this helps, give a like below.
0 Karma
Reply

splunker12er
Motivator
‎04-05-2018 05:52 AM

Can you post the full windows logs ? so to figure out why do you see these ?

0 Karma
Reply

PowerPacked
Builder
‎04-04-2018 02:55 PM

Hi @jordanking1992

Please check the usage of the btool command.

splunkhome/bin/splunk btool "conf file prefix" list --debug --app="appname"| grep "if you want to grep something from conf file"

and also use "> /var/tmp/123.txt" to write results into text file

here is the link to splunk doc

& splunk does writes logs about btool in splunkhome/var/log/splunk/bttol.log

Thanks

0 Karma
Reply

jordanking1992
Path Finder
‎04-05-2018 05:44 AM

Thanks for the information but the question is "What am I seeing in those screenshots?". I cannot find the --no-log anywhere in the documentation.

-Jordan

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...