Use the Security event log to monitor changes to files

The Splunk platform supports monitoring Windows file system changes through the Security Windows Event Log channel. To monitor file changes, you must enable security auditing for the files and folders you want to monitor for changes and use the Event Log monitor to monitor the Security event log channel. This procedure of monitoring file system changes replaces the deprecated file system change monitor input.

If you use Splunk Cloud Platform and want to monitor Windows file system changes through the Security Event Log channel, use the Splunk universal forwarder to monitor the changes on a Windows machine.

You must meet the following requirements to monitor file system changes:

- The Splunk platform must run on Windows. See Install on Windows in the Installation Manual.
- The Splunk platform must run as the Local System user or as a domain user with specific security policy rights to read the Security event log.
- You must enable security auditing for the files or directories you want the Splunk platform to monitor changes to.
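
The two steps described above (enable security auditing on a folder, then monitor the Security event log channel) can be carried out as follows. This is an added example, not taken from the Splunk documentation; the folder path, the install path, the audited principal and rights, and the event ID filter are assumptions to adjust for your environment.

```powershell
# Run from an elevated PowerShell prompt on the Windows host.
# Assumed values (not from the page): adjust both for your environment.
$Path       = 'C:\SensitiveData'                           # hypothetical folder to audit
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'  # assumed install path

# 1. Turn on the "File System" audit subcategory so SACL hits reach the Security log.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit rule (SACL entry) for change-type access only. Auditing reads
#    as well would flood the Security log on a busy share.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Confirm both settings took effect before touching Splunk.
auditpol /get /subcategory:"File System"
(Get-Acl -Path $Path -Audit).Audit | Format-Table IdentityReference, FileSystemRights, AuditFlags

# 4. Enable the Security channel input. The whitelist is an optional filter
#    (remove it to collect the whole channel): 4656 handle requested,
#    4660 object deleted, 4663 object access attempt, 4670 permissions changed.
$conf   = Join-Path $SplunkHome 'etc\system\local\inputs.conf'
$stanza = @'

[WinEventLog://Security]
disabled = 0
whitelist = 4656,4660,4663,4670
'@
$exists = (Test-Path $conf) -and (Select-String -Path $conf -SimpleMatch '[WinEventLog://Security]' -Quiet)
if ($exists) {
    Write-Warning "A [WinEventLog://Security] stanza already exists in $conf; edit it by hand."
} else {
    Add-Content -Path $conf -Value $stanza -Encoding ASCII
}

# 5. Restart so the forwarder picks up the new input.
& (Join-Path $SplunkHome 'bin\splunk.exe') restart
```

If step 3 shows no audit rule on the folder, no file change events will be written to the Security log, and the input will have nothing to forward.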