Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

universal forwarder cannot find the path which I want to specify

p1004
New Member
‎11-11-2013 03:36 PM

When I install the universal forwarder on my DHCP server, I want to monitor the DHCP folder under system32, but from the software, when I use "path to monitor", I cannot find the DHCP folder through Directory, can you let me know why?

Tags (2)
0 Karma
Reply

Runals
Motivator
‎11-11-2013 05:10 PM

You using the case sensitive path to your logs? Since you haven't posted the path to your own and you mention system32 I'm guessing the path is the default one. This has worked for me. 

[monitor://C:\WINDOWS\system32\dhcp]
sourcetype = DhcpSrvLog
crcSalt = <SOURCE>
disabled = false
whitelist = Dhcp.+\.log
Reply

p1004
New Member
‎11-11-2013 04:02 PM

Thanks for your answer, I am running a domain admin account, and it is in the local admin group, the permission should not be a problem.

0 Karma
Reply

ShaneNewman
Motivator
‎11-11-2013 03:54 PM

Is Splunk setup to run as a system account or a domain account? If it is setup as a domain account, it may not have the correct permissions to that directory.

0 Karma
Reply

ShaneNewman
Motivator
‎11-11-2013 04:13 PM

If you browse the folder directory as the domain account on the server itself, can you see the files you want to monitor?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...