Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

New to Splunk and its alternatives

xracerx
New Member
‎06-09-2015 07:35 PM

Hi there,

How is it possible to analyze windows log, lotus notes file and sample sap log files in the system. The purpose is to review admin and activity logs privileges in the system.

Is there other alternatives like sawmill and what can it do?

Any advice is much appreciated.

Tags (1)
0 Karma
Reply

splunker12er
Motivator
‎06-09-2015 07:47 PM

To analyze Windows logs , I would suggest you to install 'Splunk universal forwarder' (http://www.splunk.com/en_us/download/universal-forwarder.html#) choose your os version and type appropriately.

Continue the installation , and it prompts you to monitor for several logs, files , etc.

Configuration , Installation , forwarding, receiving, docs - FYR

http://docs.splunk.com/Documentation/Splunk/6.2.3/Forwarding/Setupforwardingandreceiving
http://docs.splunk.com/Documentation/Splunk/6.2.3/Forwarding/Configureforwarderswithoutputs.confd
http://docs.splunk.com/Documentation/Splunk/6.2.3/Updating/Exampleaddaninputtoforwarders

Reply

xracerx
New Member
‎06-10-2015 05:57 PM

Hi,

to be exact I am trying to analyze this type of log files.(File Server & Windows CPRS Log)

Level   Date and Time   Source  Event ID    Task Category
Information 10-Feb-15 11:02:17 AM   Microsoft-Windows-Security-Auditing 4780    User Account Management "The ACL was set on accounts which are members of administrators groups.


Subject:
    Security ID:        ANONYMOUS LOGON
    Account Name:       ANONYMOUS LOGON
    Account Domain:     NT AUTHORITY
    Logon ID:       0x3e6

Target Account:
    Security ID:        CISCODOMAIN\IS Account Operators
    Account Name:       IS Account Operators
    Account Domain:     DC=ciscodomain,DC=local

Any advise?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top