For the Oracle Unified * Audit Trail you can use the following: Oracle Unified Audit App for Splunk  * the unified audit starts in Oracle 12c R1 ... View more

Thanks. Vince. ... View more

You push the Splunk for Unix and Linux TA app to all of your forwarders. They will collect and forward OS metrics to your indexer, and the dashboards there will show all hosts. ... View more

This is not possible, since i don't know your environment nor your requirement. ... View more

I'm assuming you mean "measure" the uptime. One way is to use a scripted input to ping the server. Then just do a stats on how often it doesn't respond. You can also use a forwarder and send some logs. The forwarder will send heartbeats and you will be able to know if it stops checking in. ... View more

Further, I would like to monitor files & folders created under C:\ & D:\ drive. How can I do that. ... View more

Hi Ayn, Appericiate, if you give me an example. Even, I tried this one [filter:blacklist:file.txt] regex1 = .*txt [fschange:/etc] filters = file.txt ... View more

Thanks... Its done ... View more

Here are some of the most likely logs you will want to monitor: /var/log/sulog The sulog file, /var/adm/sulog, is a log containing all attempts (whether successful or not) of the su command. /var/adm/loginlog Unsuccessful login attempts after five consecutive failures are logged in the file /var/adm/loginlog /var/adm/messages This log records system console output and syslog messages. /var/adm/pacct This log records the commands run by all users. Process accounting must be turned on before this file is generated. /var/adm/messages This file is a catch-all log file for a number of messages from the UNIX kernel as well as for other logging applications such as syslogd. The file is formatted as an ASCII text file and entries are usually one record per line with new entries appended to the end of the file. You can use the [Monitor] directive to monitor the log files: http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories ... View more

the lastlog.sh provides this information. on solaris this file is called wtmpx but this is a binary file and it is in /var/adm/ not /var/log/ ... View more

Thanks. it worked. I have installed in home directory. ... View more

I don't think you will find that Splunk can tell you that, at least not directly. It is interesting though! You can lock your systems down of course, and log / see if a person SU's up to root but ideally they shouldn't have root access as it totals your change control and protection of the systems. If you use a 3rd party product for asset discovery (software type) and that logs information then you can bring it back into Splunk as the point of control. Solaris has pkginfo for example. ... View more

Thanks for help. ... View more

@sdaniels thx for reply. ... View more

Driany, Are you guys talking about the "Splunk App for Microsoft Exchange"? https://splunkbase.splunk.com/app/1660/ On the comment about it being free: It appears as a paid app and I was wondering about that: "This app requires a paid license to use. The trial license lasts for 60 days." Or maybe i'm just confused and it implies the splunk server itself is a licensed product? I am also digging into the docs to see how if works on a distributed exchange install : http://docs.splunk.com/Documentation/MSExchange/3.1.3/DeployMSX/Releasenotes http://docs.splunk.com/Documentation/MSExchange/3.1.3/DeployMSX/AboutSplunkforMicrosoftExchange http://www.splunk.com/content/dam/splunk2/pdfs/solution-guides/splunk-for-windows.pdf ... View more

@MuS thanks for help. 🙂 ... View more

Oracle is a database management system. all the queries are related to SQL are adding the values of a database and fetching them whenever needed. To monitor the oracle database. here is a link for knowing all the oracle management https://docs.oracle.com/cd/B19306_01/server.102/b14196/montune.htm#ADMQS010 ... View more

It's true that the current 3.7 version of ExtraHop Discovery Edition doesn't have triggers, but the upcoming 3.8 version of Discovery Edition will in fact have them, so it will be suitable for Splunk integration. ... View more

Hi, Thanks for your reply. I am also looking for apps or plugins for splunk for monitoring Microsoft database or oracle database. Do you know any link From which i can download DBX application.So, i can solved my issue. Thaks in advance. Regards, catch_mili ... View more

Hi ahall_splunk, Thanks for reply. catch_mili ... View more