I have an environment where it's going to be a hassle to add a new Windows server. However, we have a file on a Windows server we would like to monitor and log. Is it possible to do that from a Linux Heavy Forwarder? Using samba/cifs so we can map the drive?
Or, as this answer implies (https://answers.splunk.com/answers/27269/using-fschange-to-monitor-files-on-linux-server-from-windows-splunk-server.html), will that cause more problems than it's worth?
Thanks.