Hi all,
Splunk newbie with what I hope is a simple question... I have a UF installed on my Windows file server, and it is set to monitor a directory; see below:
[WinEventLog://Security]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest
monit

[WinEventLog://System]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest

[monitor://D:\documents\Confidential]
disabled = false
The intent is for it to report access/modifications/deletions to files in that directory, but I am not getting any file monitoring activity returned to my Splunk server when I perform a simple query for the Windows host. I do get all the System and Security events, though. Any ideas on why I'm not getting the file monitoring activity? Thanks!
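Added example, not part of the original post: a `[monitor://]` stanza reads the contents of files under the path as events, so it will only produce data when a text file under D:\documents\Confidential is written to, and it never reports who opened, changed or deleted a file. Access, modification and deletion of files are recorded by Windows object-access auditing in the Security log (Event ID 4663 for access, 4660 for delete), which the `[WinEventLog://Security]` input already forwards. Two things must be true for those events to exist: the "File System" audit subcategory must be enabled, and the folder must carry a SACL. The script below does both and then generates a probe event to check locally before looking in Splunk. It assumes an elevated session on the file server; the folder path is the one from the post, while the `Everyone` principal and the rights list are assumptions to be narrowed for production.

```powershell
# Added example (not from the original post). Enables file-system auditing and
# puts a SACL on the monitored folder so access/modify/delete show up as
# Security log events that the existing WinEventLog://Security input forwards.
# Run in an elevated PowerShell session on the file server.

$Folder = 'D:\documents\Confidential'   # path from the original post

function Enable-FileSystemAuditPolicy {
    # Advanced Audit Policy: without this subcategory enabled, SACLs produce no events.
    auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
    # Echo the effective setting so a misapplied policy (e.g. GPO override) is visible.
    auditpol.exe /get /subcategory:"File System"
}

function Add-FolderAuditRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: audit everyone. Narrow to a security group in production.
        [string] $Identity = 'Everyone'
    )
    # Rights that map to read, modify and delete of files under the folder.
    $rights  = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
    # Inherit to subfolders and files so new items are covered too.
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new($Identity, $rights, $inherit, $prop, $flags)

    # -Audit is required to read/write the SACL (needs SeSecurityPrivilege, hence elevation).
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-FolderAuditing {
    param([Parameter(Mandatory)] [string] $Path)
    # Show the SACL now on the folder.
    (Get-Acl -Path $Path -Audit).Audit |
        Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize

    # Create and delete a probe file to generate 4663/4660 events.
    $probe = Join-Path $Path 'audit-probe.txt'
    Set-Content -Path $probe -Value 'audit probe'
    Remove-Item -Path $probe

    # Confirm the events exist locally before chasing the forwarder.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663, 4660 } -MaxEvents 20 |
        Where-Object { $_.Message -like "*$Path*" } |
        Format-List TimeCreated, Id, Message
}

Enable-FileSystemAuditPolicy
Add-FolderAuditRule -Path $Folder
Test-FolderAuditing -Path $Folder
```

If `Test-FolderAuditing` prints events locally but nothing reaches Splunk, the problem is on the forwarding side; search the Security sourcetype for the host with `EventCode=4663` and filter on the object path. If nothing appears locally, check `auditpol /get` output for a Group Policy that resets the subcategory, and check that the SACL was actually written (the `Audit` list above should not be empty). Note that the `[monitor://]` stanza can stay in place if the goal is also to index the text of the files themselves, but it will not answer the who-touched-what question.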