cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mesutu
Explorer
Member since: ‎11-27-2019
‎06-05-2020
Community Statistics
Posts 7
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎11-27-2019
Activity Feed
View All

Splunk Stream is not capture interfaces

by in All Apps and Add-ons
‎01-07-2020 02:03 AM
‎01-07-2020 02:03 AM
Hi, I install stream-app on Splunk Search-Head and deploy independent Stream forwarder via "curl -sSL http://stream-cont-func02:8000/en-us/custom/splunk_app_stream/install_streamfwd | sudo bash" command. I enabled HEC. I check the stream-app GUI, server status is active and send metadata. I mirror the traffic from switch to server interface and check the interface via tcpdump command. I see the traffics are mirrored. But I can not see the traffics int the splunk stream app. Splunk says normally splunk streamfwd capture all network interfaces. What can I do? Best Regards Thank you ... View more

How Splunk run a script as an administrator?

by in Security
‎12-02-2019 04:50 AM
1 Karma
‎12-02-2019 04:50 AM
1 Karma
Hi, How can Splunk run a script as an administrator? In our script we use devcon.exe update command so it is needed to run as admin. Can you help us? Best Regards, Thank you ... View more

Re: Splunk USB Control

by in Getting Data In
‎11-29-2019 12:28 AM
‎11-29-2019 12:28 AM
Hi, @gcusello Thank you for information. Inputs.conf is ; [script://.\bin\checkUSB.bat"] disabled = 0 interval = 3 sourcetype = EndPoint:USB Thank you ... View more

Re: Splunk USB Control

by in Getting Data In
‎11-28-2019 10:27 PM
‎11-28-2019 10:27 PM
Hi woodcock, [scr.pt://.\bin\checkUSB.bat"] disabled = 0 interval = 3 sourcetype = EndPoint:USB ... View more

Re: Splunk USB Control

by in Getting Data In
‎11-27-2019 11:36 PM
‎11-27-2019 11:36 PM
Hi when I check the logs of script, it says usb has been plugged but actually it is not. Why it is not working in windows 10. Our script log is ; [ 27/11/2019 17:15:13 ] Info: Working Directory: C:\Windows\system32 [ 27/11/2019 17:15:13 ] Info: Script Name: checkUSB.vbs [ 27/11/2019 17:15:13 ] Debug: C:\Windows\System32\cscript.exe "C:\Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\checkUSB.vbs" [ 27/11/2019 17:15:13 ] Info: 10.22.11.10 [ 27/11/2019 17:15:13 ] Info: http://10.22.5.11/ossec-wui/site/usbcheck.php?serialNumbers= [ 27/11/2019 17:15:13 ] Debug: Functions are defining [ 27/11/2019 17:15:13 ] Debug: Operating System: AMD64 [ 27/11/2019 17:15:13 ] Debug: PNPDevice: @USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0 PNPDeviceId: 1C6F654E59A2EE81C92800DE&0 [ 27/11/2019 17:15:13 ] Debug: uniqueID 1C6F654E59A2EE81C92800DE [ 27/11/2019 17:15:13 ] Debug: PNPDevice: @USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_SWITCH&REV_1.27\20044526921DB721B6DD&0 PNPDeviceId: 20044526921DB721B6DD&0 [ 27/11/2019 17:15:13 ] Debug: uniqueID 20044526921DB721B6DD [ 27/11/2019 17:15:13 ] Debug: Check From: http://10.22.5.11/ossec-wui/site/usbcheck.php?serialNumbers=;1C6F654E59A2EE81C92800DE;20044526921DB721B6DD [ 27/11/2019 17:15:13 ] Debug: ossecResponse: 1C6F654E59A2EE81C92800DE;20044526921DB721B6DD [ 27/11/2019 17:15:13 ] Debug: Remove or Plug USB [ 27/11/2019 17:15:13 ] Debug: 1C6F654E59A2EE81C92800DE&0 --- @USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0 [ 27/11/2019 17:15:13 ] Debug: Command: "C:\Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\devcon_x64.exe" status "@USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0" [ 27/11/2019 17:15:13 ] Debug: Command Response: USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0 Name: Kingston DataTraveler 2.0 USB Device The device has the following problem: 011 matching device(s) found. [ 27/11/2019 17:15:13 ] Debug: Driver is prevented by Policy [ 27/11/2019 17:15:13 ] Debug: USB is pluging @USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0 [ 27/11/2019 17:15:13 ] Debug: Command: "C:\Program Files\SplunkUniversalForwarder\etc\apps\windows\bin\devcon_x64.exe" update "c:\Windows\inf\disk.inf" "USBSTOR\GenDisk" [ 27/11/2019 17:15:13 ] Debug: Command Response: Updating drivers for USBSTOR\GenDisk from c:\Windows\inf\disk.inf.Drivers installed successfully. [ 27/11/2019 17:15:13 ] Debug: USB has been plugged @USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E59A2EE81C92800DE&0 [ 27/11/2019 17:15:13 ] Debug: Script Will Sleep 10 seconds Thank you Best Regards Mesut, ... View more

Re: Splunk USB Control

by in Getting Data In
‎11-27-2019 11:28 PM
‎11-27-2019 11:28 PM
hi @gcusello, Our splunk version is 7.2.1 and install in CentOS 7 64 bit. Our inputs.conf is ; [script://.\bin\checkUSB.bat"] disabled = 0 interval = 3 sourcetype = EndPoint:USB ... View more

Splunk USB Control

by in Getting Data In
‎11-27-2019 05:16 AM
‎11-27-2019 05:16 AM
Hi, We use Splunk to manage usb devices. We write script which find usb's serial number and check in our database if it is registered splunk run a command which is devcon.exe update "c:\Windows\inf\disk.inf" "USBSTOR\GenDisk" Our script work properly in windows 7 and 8.1 but not work in windows10. When I run bat file manually its work. When I check the logs everything is seen right. I dont understand where the problem is. Script is right because when i run manually , usb devices is plugged. Can you help me ? Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All