The user that the forwarder runs as must have read access to the event logs you want to collect. See Choose the Windows user Splunk Enterprise should run as in the Installation Manual.

Security and other considerations for collecting event log data from remote machines

You collect event log data from remote machines using a universal forwarder, a heavy forwarder, or WMI. As a best practice, use a universal forwarder to send event log data from remote machines to an indexer. See The universal forwarder in the Universal Forwarder manual for information about how to install, configure and use the forwarder to collect event log data. If you can't install a forwarder on the machine where you want to get data, you can use WMI.

To install forwarders on your remote machines to collect event log data, install the forwarder as the Local System user on these machines. The Local System user has access to all data on the local machine, but not on remote machines.

To use WMI to get event log data from remote machines, you must ensure that your network and Splunk Enterprise instances are properly configured. Do not install Splunk software as the Local System user. The user you use to install the software determines the event logs that Splunk software has access to. See Security and remote access considerations for additional information on the requirements you must satisfy to collect remote data properly using WMI.

By default, Windows restricts access to some event logs depending on the version of Windows you run.
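One way to check the read-access requirement described above on a Windows host, as an added example that is not part of the original page or Splunk's own tooling. It assumes the forwarder service uses the default name `SplunkForwarder`, and the list of logs is constructed for illustration.

```powershell
# Added example, not Splunk code. Run it in a session started as the account
# the forwarder uses, so the read test reflects that account's rights.
$serviceName = 'SplunkForwarder'                 # assumption: default service name
$logs = 'Application', 'System', 'Security'      # constructed sample list

# Report which Windows account the forwarder service is configured to run as.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if ($svc) {
    "Service '$serviceName' runs as: $($svc.StartName)"
} else {
    Write-Warning "Service '$serviceName' not found; adjust `$serviceName."
}
"Read test performed as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# Try to read one event from each log and classify the outcome.
$results = foreach ($log in $logs) {
    $status = 'Readable'
    try {
        Get-WinEvent -LogName $log -MaxEvents 1 -ErrorAction Stop | Out-Null
    } catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $status = 'Readable (empty)'         # access is fine, log has no events
        } elseif ($_.Exception -is [System.UnauthorizedAccessException]) {
            $status = 'ACCESS DENIED'            # Windows restricts this log for this user
        } else {
            $status = "Error: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Log = $log; Status = $status }
}
$results | Format-Table -AutoSize
```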