Is it possible for Splunk to read from a firewall using just the command line interface?


Using Ubuntu, Is it possible for Splunk to read from a firewall that's setup and output results in real time or in a log without using any splunk apps and just using command line?
If it is possible any direction on how I could go about it?


0 Karma


Hi Mahmudomer,

You can monitor any local / Remote directory from command line by running command with required parameter.

 ./splunk add monitor <log path>

In-Case the files are in remote then you can use TCP/UDP. Read Splunk documentation Link

Mount filesystem / soft link may help you .

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...