...o do is to deploy a props.conf on the HF to indicate the following: [audittrail]
SHOULD_LINEMERGE = false
SEDCMD = s/\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}.* INFO AuditLogger - //g &n...
I'm getting this error: Invalid key in stanza [auditTrail] in /opt/splunk/etc/system/local/audit.conf
Looking at the audit.conf.spec, that key is no longer mentioned. In earlier versions it was....
...ost123.secure.2019080165784.audit.log.1
I want Splunk to have host as "host1" and "hostab" and "host123", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = \/S+([^.])....
...ave host as "scc145" and "dmzbackend", and etc..
I have this in inputs.conf:
[monitor:///audit/files]
host_regex = ([^0-9./][A-Za-z0-9-]*[^.audit.log])
Also tried
host_regex = /audit/f...
...abel = Omega Core Audit for Oracle
is_visible = 1
[triggers]
reload.inputs_templates.conf = simple Note the reload.inputs_templates.conf = simple under [triggers]. So why the failure by A...
I have been unable to get the universal forwarders to correctly collect the SMB Server audit logs. The inputs.conf file on the deployment server has the following stanza configured but there are no l...
...86_64
Can't create directory "": No such file or directory
An error occurred: Could not create audit keys (returned 4).
[root@splunk bin]#
As a result Splunk does not start. Please help me to r...