Latest Activity

Greg Vallenari is now a member of splunkninja Sunday
Michael Wilde commented on Michael Wilde's video
Sure...  When you do group mapping, map them to groups that don't have the domain admins in them.  I have a separate OU=Groups that has "Splunk Users, Splunk Admins, Splunk Power Users" as group names, and specific users…
Feb 8
Mike Hartford commented on Michael Wilde's video
I want to give LDAP access to my Splunk service but I don't want the LDAP users to have admin capabilities in Splunk. Can I keep the domain admins out of Splunk if I have LDAP authentication?
Feb 7
Mike Hartford left a comment for Jonathan Hawes
Hello Jonathan, Glad to have another Splunker. I've been using Splunk for 2 years and am hooked. I learned how to spell splunk and | transaction too. You'll learn that one soon. Go over to Splunk…
Feb 7
Mike Hartford commented on Mike Hartford's blog post 'tees for the holy day'
  Holy Batskins Ninja, zzzzzwap zgruppp kapow a hidden stash, how great is that!!!!   The team that found them must have special bat senses and highly tooned Splunking skills   I like to wear Extra Lovable…
Feb 7
Learning, learning, learning . . . Our Splunk "expert" is gone, and the non-programmer gets to learn the task! How do you spell SPLUNK?
Status posted by Jonathan Hawes Feb 7
Jonathan Hawes is now a member of splunkninja Feb 7
yanu pratomo
  • Jakarta
  • Indonesia

yanu pratomo's Discussions

take log windows to splunk without forwarder
13 Replies

Hi all, I installed a Splunk server on a Linux server, and I want to take Windows server logs to my Splunk server. Is it possible to take the logs without installing a Splunk agent/forwarder on the Windows…

Started this discussion. Last reply by Hagar Oct 9, 2010.

 

yanu pratomo's Page

Latest Activity

Hagar replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
I recommend installing Snare (http://www.intersectalliance.com/projects/SnareWindows/index.html) on the Windows machine and sending the event log via syslog to Splunk: easy to install, easy to use...
Oct 9, 2010
JH replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
I have used psloglist to export windows binary event logs to human readable event logs and then copied them to the splunk server. http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
Sep 10, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hi, 1. OK, clear. 2. Thx. 3. It's hard to say to them, because they never want to install anything on their operational server. But I'll try... 4. I worry about this, because the POC has already been running for 2 weeks, and if I suggest to…
Feb 5, 2010
Alexander Szoenyi replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hello, 1. You can install as many FW as you need; it is not a license question, you only license data/day for indexing at the Splunk Indexer. 2. Your new scenario is correct. 3. If the customer does not want to invest in a new system for MS FW, use…
Feb 4, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
I really love the Splunk slogan in APAC with Singaporean English: "Can can, cannot also can lah..." Please correct me: you have suggested that we provide (at least) one MS OS client installed and acting as a Splunk forwarder server that will collect…
Feb 4, 2010
Alexander Szoenyi replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hello, For your POC, install a Splunk FW on an MS OS system and configure evt/evtx, WMI and ADMON.EXE. You need max. 1 hour for this. Install the Windows app on the Splunk Indexer. With these little tasks your POC is working ;-))) Regards, Alexander
Feb 3, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
OK, thanks for your information. I realized that long before this thread was posted, since evt and evtx are Microsoft proprietary stuff. So, you have suggested using a forwarder or forcing our client to change to Windows for the Splunk server. Maybe…
Feb 3, 2010
Alexander Szoenyi replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hello, 1. You can export the evt and evtx only to a Splunk with MS OS, because the evt and evtx are binaries and only on Windows can you transform them. 2. For WMI you need a Splunk Indexer with MS OS or a Splunk FW on MS OS; WMI works only on MS…
Feb 3, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
funny thing on linux Splunk installation version
Feb 3, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hi, I have the Windows app on my Linux server, and I think with or without that app installed, it makes no difference; you still can't find a way to get the .evt log anyway. I have tried many possible things to reach the data, but with no result. I…
Feb 3, 2010
Atul Mistry replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
If you install the "Windows" app (http://www.splunk.com/apps/windows) on the Linux server, you will see the Windows-specific sources and sourcetypes. Once you do that, Splunk may be able to eat the *.evt files properly. Also, you may…
Feb 1, 2010
Andi Susanto replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
Hi "Atul Mistry", I have tried to help Yanu solve this problem by mapping to the Windows event log directory at C:\WINDOWS\system32\config and trying to place the AppEvent.evt, DNSEvent.evt, SecEvent.evt, SysEvent.evt; we installed Samba in…
Feb 1, 2010
Atul Mistry replied to yanu pratomo's discussion 'take log windows to splunk without forwarder'
If you can place the log on a network drive that is accessible by the splunk server you should be able to eat the log without the forwarder.
Jan 29, 2010

take log windows to splunk without forwarder

Hi all, I installed a Splunk server on a Linux server, and I want to take Windows server logs to my Splunk server. Is it possible to take the logs without installing a Splunk agent/forwarder on the Windows server? Thanks
Discussion posted by yanu pratomo Jan 29, 2010
Michael Wilde left a comment for yanu pratomo
Yanu.. Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered. Thanks Michael Wilde Splunk Ninja
Jan 8, 2010
yanu pratomo is now a member of splunkninja Dec 31, 2009

Profile Information

Are you an existing splunk user?
Not yet
What do you do for your day job?
System Engineer

Comment Wall (1 comment)

At 8:18pm on January 7, 2010, Michael Wilde said…
Yanu..

Thanks for signing up. I set up this site so we can freely share, discuss, ask questions, post videos.. whatever. Ask hard questions, and we'll try to get them answered.

Thanks

Michael Wilde
Splunk Ninja


© 2012   Created by Michael Wilde.
