All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk for unix

catch_mili
Explorer
‎01-31-2013 03:50 AM

Hi,

I am using Splunk for Linux Servers log monitoring, and I am using unix add-on for that.
Now, I want to monitor when
Users/root installed any software/rpm/tar into the system.

Please help.

Regards,
catch_mili

0 Karma
Reply

DaveSavage
Builder
‎01-31-2013 04:48 AM

I don't think you will find that Splunk can tell you that, at least not directly. It is interesting though! You can lock your systems down of course, and log / see if a person SU's up to root but ideally they shouldn't have root access as it totals your change control and protection of the systems.
If you use a 3rd party product for asset discovery (software type) and that logs information then you can bring it back into Splunk as the point of control. Solaris has pkginfo for example.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...