I created an app named a_uf_inputs_conf. The app simply contains inputs.conf that has the monitor stanzas below. This app was deployed to both Windows and Linux servers. It is working on the W...
...ave host as "scc145" and "dmzbackend", etc.
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
Also tried
host_regex = /audit/f...
I was following this guide on adding command line logging to my GPO. I verified that the current GPO has these settings. You must enable the Audit Process Creation audit policy so t...
...ome community articles. Unfortunately we still get other indexes (e.g. fortinet) forwarded also. Any idea what we are doing wrong? The last try from the ..\system\local\outputs.conf: ## 21.6.2020 [t...
Greetings, I am trying to get different log types, such as security and audit logs for example, from a single IP source from my HF instance. How exactly should I be setting my settings in Inputs, T...
Hi,
I am having a problem with the inputs.conf configuration file. I'm monitoring a remote computer with a universal forwarder.
Remote host (monitoring):
Directory E:\SQL\Audit\Log
F...
...86_64
Can't create directory "": No such file or directory
An error occurred: Could not create audit keys (returned 4).
[root@splunk bin]#
As a result Splunk does not start. Please help me to r...
...askCategory, Type, User. So I chose to use Keywords, which has the value Audit Failure. Here is my inputs.conf --------------------- [WinEventLog://Security] disabled = 0 index=c...
...r /etc/libaudit.conf . Here is our basic search:
| tstats `security_content_summariesonly` count from datamodel=Auditd where nodename=Auditd.Path by _time span=1s host Auditd.name
| `d...