Hi, I am wondering if anyone have already user Splunk for Quest ChangeAuditor, I know by searching through google that this piece of software can monitor AD events, like logins, and account lock-outs and so on, they even have exchange and sql support, but I really don't know how it logs all these events. I am hoping someone is familiar enough on this software and can give any idea on its own logging system if its possible to splunk it.
Appreciate any inputs.
PS. I know generally that any plain text file splunk can read.
Has anyone successfully accomplished the integration between Quest (Dell) ChangeAuditor and Splunk? I would love to be able to send ChangeAuditor logs to Splunk.
Thank you!
Is there any follow up info on how this could be done? I have been searching and it seems like there is little info especially now that ChangeAuditor is Dell owned.
Quest ChangeAuditor is an awesome product. You can't get that level of AD auditing anywhere else, and the UI makes it ridiculously easy to search and find audit info after the fact. You definitely don't need any event logging tools for this, but yes you could also use Splunk to collect ChangeAuditor's events too. Although for AD auditing, the ChangeAuditor UI is what you'd want to use.