I want to know the user details, what changes happened, and when, if someone makes changes to config files. Is that possible?
I tried something below, and I got events as:
6/14/10 9:20:52.000 AM Mon Jun 14 09:20:52 2010 action=add, path="C:\TEMP\configs.txt", isdir=0, size=388, gid=-1, uid=-1, modtime="Mon Jun 14 09:17:56 2010", mode="rwxrwxrwx", hash=
[monitor://\192.168.1.12\Siteroot\Web.config]
disabled = false
index = _audit
sourcetype = dfgd
pollPeriod = 60
And when I tried to set up this config in the Splunk forwarder, I didn't get any results.