
Does btool logs its usage somewhere?

Path Finder

All,

Looking at some Windows logs, I came across the following commands run on two separate computers. The "--no-log" concerns me and I can't seem to find whether there is a place where logs would be generated when this command is run.

Has anyone seen this or know why I would be seeing it? I am the only admin for these hosts, so at first glance this looks like a bad actor.

0 Karma

Path Finder

Hi, did you ever determine what the root of this was? I'm seeing the same thing in my environment and would like to understand what's going on.

0 Karma

Super Champion

Can you try running btool with the --no-log option and check whether that displays some output?

————————————
If this helps, give a like below.
0 Karma

Motivator

Can you post the full Windows logs, so we can figure out why you see these?

0 Karma

Builder

Hi @jordanking1992

Please check the usage of the btool command.

$SPLUNK_HOME/bin/splunk btool "conf file prefix" list --debug --app="appname" | grep "if you want to grep something from conf file"

and also use "> /var/tmp/123.txt" to write the results to a text file

Here is the link to the Splunk doc

& Splunk does write logs about btool in $SPLUNK_HOME/var/log/splunk/btool.log

Thanks

0 Karma

Path Finder

Thanks for the information but the question is "What am I seeing in those screenshots?". I cannot find the --no-log anywhere in the documentation.

-Jordan

0 Karma
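For the triage the original question describes (btool invocations found in Windows process-creation logs, with `--no-log` on a host that has a single known admin), here is an added example that is not part of this thread or of Splunk's own tooling. It scans constructed 4688/Sysmon-style records, pulls out every `splunk btool` command line, notes the conf prefix, whether `--no-log` was passed, and whether the account is outside the admin list the analyst supplies; the field names, hostnames and accounts are all assumed.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation records (4688/Sysmon-style fields), not real logs.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": r"CORP\svc-splunkfwd",
     "cmdline": r'"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" btool inputs list --no-log'},
    {"host": "WS02", "user": r"CORP\jordan",
     "cmdline": r'"C:\Program Files\Splunk\bin\splunk.exe" btool server list --debug --app=search'},
    {"host": "WS02", "user": r"CORP\unknown",
     "cmdline": r'cmd.exe /c "C:\Program Files\Splunk\bin\splunk.exe" btool outputs list --no-log'},
    {"host": "WS03", "user": r"CORP\jordan", "cmdline": r"notepad.exe C:\temp\btool.txt"},
]

# Match 'splunk btool' or '...splunk.exe" btool', not unrelated strings containing "btool".
BTOOL_RE = re.compile(r'splunk(?:\.exe)?"?\s+btool\b', re.IGNORECASE)
# Match --no-log only as a whole token, so "--no-logging" or a path would not count.
NOLOG_RE = re.compile(r"(?<!\S)--no-log(?!\S)", re.IGNORECASE)

@dataclass
class Finding:
    host: str
    user: str
    conf: str              # conf-file prefix handed to btool (inputs, server, ...)
    no_log: bool           # --no-log switch present on the command line
    unexpected_user: bool  # account is not in the admin list the analyst supplied

def classify(event, known_admins):
    """Return a Finding for a btool invocation, or None for any other process."""
    cmd = event["cmdline"]
    m = BTOOL_RE.search(cmd)
    if m is None:
        return None
    rest = cmd[m.end():].split()
    return Finding(
        host=event["host"],
        user=event["user"],
        conf=rest[0] if rest else "",
        no_log=NOLOG_RE.search(cmd) is not None,
        unexpected_user=event["user"] not in known_admins,
    )

def triage(events, known_admins):
    """All btool invocations, worst first: unexpected account, then --no-log present."""
    findings = [f for f in (classify(e, known_admins) for e in events) if f]
    findings.sort(key=lambda f: (f.unexpected_user, f.no_log), reverse=True)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, known_admins={r"CORP\jordan"}):
        print(f)
```

A hit on `--no-log` is a reason to look at the host, not proof of intent; the same command from the only known admin account, as in the second record, sorts to the bottom.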