The dojo of Splunk. Learn, share, teach, mentor.
Videos
Latest Activity
Michael Wilde replied to Nikita's discussion Count failures and success via transaction"How are these transactions linked together... by a field called "ID"? If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it. Paste some samples and…"
yanu pratomo's Discussions
take log windows to splunk without forwarder
13 Replies
hi all,i install splunk server in the linux server, and i want to take windows server log to my splunk server, is possible to take the log without install splunk agent/forwarder in the windows…Continue
Started this discussion. Last reply by Hagar Oct 9, 2010.
yanu pratomo's Page
Gifts Received
yanu pratomo has not received any gifts yet
Latest Activity
Hagar replied to yanu pratomo's discussion take log windows to splunk without forwarder"I recomand installing snare (http://www.intersectalliance.com/projects/SnareWindows/index.html) on the window machine and sending the event log via syslog to SPLUNK , easy to install,easy to use..."
JH replied to yanu pratomo's discussion take log windows to splunk without forwarder"I have used psloglist to export windows binary event logs to human readable event logs and then copied them to the splunk server.
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hi,
1. Ok, clear..
2. Thx.
3. It's hard to say to them, because the never want to install anything on their operational server. But I'll try...
4. I worry about this, because the POC has already running for 2 weeks, and if i suggest to…"
Alexander Szoenyi replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hello,
1. You can install so many FW you need, it is not a license question, you are only license Data/day for indexing at the Splunk Indexer.
2. You new scenario is correct.
3. If the customer do not want to invest in a new System for MS FW, use…"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"I really love Splunk slogan in APAC with Singaporean English : "Can can, cannot also can lah..."
Please correct me; U have suggest us to provide (at least) one MS OS client installed and act as Splunk forwarder server that will collect…"
Alexander Szoenyi replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hello,
For your POC, install a Splunk FW on a MS OS System and configure evt/evtx, WMI and ADMON.EXE.
you need for this max. 1 hour.
Install on the Splunk Indexer the Windows APP.
With this little tasks your POC is working ;-)))
regards Alexander"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"ok, thanks for your information.
I have realize that, long before this thread posted; since evt or evtx are Microsoft proprietary stuff.
So, u have suggest to use forwarder or force our client to change to windows for the splunk server.
Maybe…"
Alexander Szoenyi replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hello,
1. You can export the evt and evtx, only to a Splunk with MS OS, because the evt and evtx are binarys and only on Windows you can transform this.
2. For WMI you need a Splunk Indexer with MS OS or a Splunk FW on MS OS, WMI works only on MS…"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"funny thing on linux Splunk installation version"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hi,
I have Windows app on my linux server, and i think with or without that app install, it has no different, u still can't find way to get the .evt log in anyway.
I have tried many possible things to reach the data, but result nothing.
I…"
Atul Mistry replied to yanu pratomo's discussion take log windows to splunk without forwarder"If you install the "Windows" app (http://www.splunk.com/apps/windows) on the linux server, you will see the windows specific sources and sourcetypes.
once you do that, splunk may be able to eat the *.evt files properly.
also, you may…"
Andi Susanto replied to yanu pratomo's discussion take log windows to splunk without forwarder"Hi "Atul Mistry",
I have try help Yanu to solved this problem by mapped to the Windows event log directory at C:\WINDOWS\system32\config and try to place the AppEvent.evt , DNSEvent.evt, SecEvent.evt, SysEvent.evt ;
We install samba in…"
Atul Mistry replied to yanu pratomo's discussion take log windows to splunk without forwarder"If you can place the log on a network drive that is accessible by the splunk server you should be able to eat the log without the forwarder."
yanu pratomo posted a discussiontake log windows to splunk without forwarder
hi all,i install splunk server in the linux server, and i want to take windows server log to my splunk server, is possible to take the log without install splunk agent/forwarder in the windows serverthanks See More
Michael Wilde left a comment for yanu pratomo"Yanu..
Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered.
Thanks
Michael Wilde
Splunk Ninja"
Profile Information
- Are you an existing splunk user?
- Not yet
- What do you do for your day job?
- System Engineer
Comment Wall (1 comment)
- At 8:18pm on January 7, 2010, Michael Wilde said…
- Yanu..
Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered.
Thanks
Michael Wilde
Splunk Ninja
© 2012 Created by Michael Wilde.
