×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
riodutchie
Explorer
Member since: ‎07-07-2014
‎06-05-2020
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 1
Member Since ‎07-07-2014
Activity Feed
View All

Re: Define python binary for universal forwarder 5...

by in Getting Data In
‎10-23-2014 12:06 PM
1 Karma
‎10-23-2014 12:06 PM
1 Karma
Wow. I have to give serious thanks to Chris G and Gkanapathy for working with me on this. I just had a major realization - (and facepalm event) - where I realized I was doing something stupid 😃 I don't need the ossec app installed on my systems with the universal forwarder, I only need it on my search heads. What I need on my universal forwarders is an update to the Splunk_TA_NIX/local/inputs.conf file to add: ############################################################ # Sample inputs for OSSEC data sources (Local Server) ############################################################ [monitor:///var/ossec/logs/alerts/alerts*] disabled = 0 sourcetype = ossec_alerts [monitor:///var/ossec/logs/ossec.log] disabled = 0 sourcetype = ossec_log [monitor:///var/ossec/logs/active-responses.log] disabled = 0 sourcetype = ossec_ar an then it will catch the changes to the system. Thanks to both of you for helping me! --John ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All