
SANS ISC: Splunk: Any way to fetch logs via ssh - SANS Internet Storm Center SANS ISC InfoSec Forums


Splunk: Any way to fetch logs via ssh
I would say that everything is possible with Splunk, but it can be more complex than expected.
If you can't install a Splunk Forwarder, what are the type(s) of logs to collect? Binary? Text? Can you maybe export them via Syslog?
Xme

399 Posts
ISC Handler
It sounds like we are under similar restrictions for working with production servers. No chance of my getting the forwarder approved to run there in my environment either.

I do this with sftp via a .bat file (Windows). Splunk monitors a local directory. I have the sftp set to pull the (entire) file from the remote server every 10 minutes and place it in that directory. So there is a delay, but acceptable for my purposes.
Jack G.

7 Posts
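The pull-into-a-monitored-directory setup Jack G. describes, written here as a POSIX shell script instead of a Windows .bat file; this is an added example, not the poster's script. Host, user, remote path, key file and spool directory are placeholders, and it assumes a read-only account with key-based auth and a known_hosts entry already in place; the download lands in a staging directory and is only renamed into the monitored directory once complete, so Splunk never indexes a half-written file.

```shell
#!/bin/sh
# Added example: fetch one log file over sftp into a directory Splunk monitors.
# All names below are placeholders; set them via the environment.
set -eu

REMOTE_HOST="${REMOTE_HOST:-prod-app01.example.invalid}"  # placeholder host
REMOTE_USER="${REMOTE_USER:-logreader}"                   # read-only account
REMOTE_PATH="${REMOTE_PATH:-/var/log/app/app.log}"        # placeholder path
KEY_FILE="${KEY_FILE:-${HOME:-/root}/.ssh/logreader_ed25519}"  # key auth only
SPOOL_DIR="${SPOOL_DIR:-/var/spool/splunk-sftp}"          # [monitor://] target

# Write the sftp batch commands to $1 so no interactive prompt is ever needed.
# $2 is the local staging file the remote log is copied to.
build_sftp_batch() {
    printf 'get -p %s %s\n' "$REMOTE_PATH" "$2" > "$1"
    printf 'bye\n' >> "$1"
}

# Default fetch: sftp in batch mode with strict host-key checking, key auth
# only. The server key must already be in known_hosts (no first-use trust).
sftp_pull() {
    batch=$(mktemp)
    build_sftp_batch "$batch" "$1"
    sftp -b "$batch" -i "$KEY_FILE" \
        -o StrictHostKeyChecking=yes -o BatchMode=yes \
        -o PasswordAuthentication=no "$REMOTE_USER@$REMOTE_HOST"
    rm -f "$batch"
}

# Download into a sibling staging directory (same filesystem, outside the
# monitored tree), then rename into SPOOL_DIR. The rename is atomic, so the
# Splunk monitor input only ever sees a complete file. Re-downloading the
# whole file is fine: Splunk resumes from its stored seek pointer when the
# file head is unchanged and re-reads it when the remote log has rotated.
# FETCH_CMD may be overridden (for example with a local copy in a test).
fetch_log() {
    name=$(basename "$REMOTE_PATH")
    staging="${SPOOL_DIR}-staging"
    mkdir -p "$SPOOL_DIR" "$staging"
    stage="$staging/$name.part"
    "${FETCH_CMD:-sftp_pull}" "$stage"
    mv -f "$stage" "$SPOOL_DIR/$name"
    echo "$SPOOL_DIR/$name"
}

# Run the pull only when invoked with "run" (e.g. from a 10-minute cron job).
case "${1:-}" in run) fetch_log ;; esac
```

Point a `[monitor://<SPOOL_DIR>]` stanza in inputs.conf at the spool directory and schedule `script.sh run` from cron; the staging directory is deliberately a sibling of SPOOL_DIR rather than a subdirectory, because the monitor input recurses into subdirectories by default.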
