Script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-siteinfo.ps1"
# Site, Site Link and Subnet Information 2012r
# Site, Site Link and Subnet Information NT6
Script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-health.ps1"
# Scripted/Powershell Mod inputs Active Directory
# Sourcetype = Script:TimesyncConfiguration
# Below stanza will monitor the generated WindowsUpdate.log in Windows 10 and Server 2016
"$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\generate_windows_update_logs.ps1"
# Below stanza will automatically generate WindowsUpdate.log daily
# Enable below powershell and monitor stanzas to get WindowsUpdate.log for Windows 10 and Server 2016
# Enable below stanza to get WindowsUpdate.log for Windows 8, Windows 8.1, Server 2008R2, Server 2012 and Server 2012R2
# Application and Services Logs - Key Management Service
# Application and Services Logs - File Replication Service
# Application and Services Logs - Directory Service
# Application and Services Logs - DFS Replication
# WinEventLog Inputs for Active Directory
#
# The addon supports only XML format for the collection of WinEventLogs using WEF, hence do not change the below renderXml parameter to false.
# To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/Splunk_TA_windows/default
blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
# Please make all changes to files in $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local.
In the local directory, create a conf file named nf with the following text.
Extract the Splunk app for Windows infrastructure (Splunk_TA_windows) and create a local directory.
Download the Splunk add-on app for Windows from here.
In the deployment server (Indexer), open Splunk Enterprise in the browser and click Settings > Forwarder management > clients (UF-1 should be visible) > server class > Edit (Edit Clients) > UF-1 (in the include list) > preview > save.