Hi,
We are trying to get HP-UX audit logs processed by Splunk.
We get the logs in binary format, and run them through 'audisp' on an HP-UX device, which gives us nice ASCII text.
Then we use syslog-ng (this guide: http://www.splunk.com/wiki/Community:GatherHPUXAudits) to get them into Splunk.
Problem is that they are displayed as just one-line log entries, no processing has been done.
I think I need to edit the props.conf file to add some regex to split the fields out, but need some help!
I have some sample logs I can provide, if needed?
Any help would be much appreciated!
Mike