Monthly Archives: September 2012

Splunk – how to configure a RHEL6 host to send data to Splunk and to use the Splunk TA for Unix and Linux

I did this. On Splunk server (receiver): Download/install Splunk TA for Unix and Linux to the Splunk server (receiver) and enabled it by going to Manager|Apps|Enable. On host you want to collect data from (sender): Download and install the Splunk … Continue reading

Posted in Linux & Solaris

How to exclude a directory from Linux audit

Using audit to track system changes, with rules from the CIS security guidelines. This server also has Splunk running on it; this created a crap load of changes that are reflected in the audit log files, so much so that … Continue reading

Posted in Linux & Solaris