- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for Linux Auditd Log
Hello Sirs,
I would like to know the most useful Splunk App that can be suitable for Linux Auditd events. I have Linux devices such as Mangement Servers, DNS, HTTP Servers, Firewall, etc. These logs carried by both Syslog Forwarder and Heavy forwarders.
Please suggest how to monitor the audit logs by which Splunk App?
Thanks a bunch.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To effectively monitor Linux Auditd events in Splunk, you can use the Splunk Add-on for Linux.
This add-on allows you to collect and analyze audit logs from your Linux devices. Here’s how you can set it up:
Configure AuditD to Send Data to the Splunk Add-on for Linux:
https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4
https://splunkbase.splunk.com/app/833
This Add On for linux Auditd allows Administrators to make their data OCSF Compliant and CIM compliant for related Linux Auditd Events
https://preview.splunkbase.splunk.com/app/7045
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. Noted sir.
