Hello!
I have logs from Domain Controller Active Directory in Splunk and am trying to configure monitoring of user logons (EventCode=4624).
Unfortunately, there are two fields with a name "Account N...
I want to monitor multiple Domain controllers using a universal forwarder installed on a separate Windows server which is running under a user account that has "Admin Read only" credentials to the w...
Hello Splunkers, Do I need a domain account for UF to monitor Domain Controller? I suppose I need UF on a domain account when monitoring AD. If I only wish to monitor windows standard even l...
I need to come up with a way to monitor files via UNC (I know this is not the preferred way) for ~140 servers that are not on the company domain. I do have local account information for each of the s...
Hi, We wonder how to monitor the smbV1 access in a domain. We have already enabled the eventcode 3000 log on windows log. Now we want to know who uses smbV1 to access on e...
...s to set up a Splunk server using the local system account, and then I've set up universal forwarders in two domains using domain accounts and enabling active directory monitoring during the setup....
Team,
If we have Windows events and Active Directory (AD) is synced with Splunk, how can I search/investigate who modified a DL or who was added in an AD group and who added?
Is there any q...
...Logs to be monitored
Unix server:
/opt/IBM/middleware/user_projects/domains/Test/servers/TIM_server*/logs/TIM_server*.out*
/opt/IBM/middleware/user_projects/domains/Test/servers/T...