Getting Data In

Help save fschange! Still seeing great value in keeping fschange (deprecated since 5.x)

ng1p
Path Finder

When my company first purchased Splunk 4.x, fschange was not deprecated and was one of the reasons that we have Splunk. I know it’s been since 5.x that it has been labeled as deprecated and is still in the latest 6.x release. We find it very useful and it meets our basic requirement for change tracking. It is very easy and provides that one place to manage our change tracking needs. With the latest changes to PCI compliance, one would think having this remain in core Splunk would be a great selling point for Splunk, as it is a strong security tool. Why take away capability???

Splunk is recommending using the OS native tools to do this. This is not nearly as streamlined as using fschange and adds more work to implement on an enterprise basis (more complex and fragmented across multiple process owners, i.e. Windows Admins, UNIX Admins, Security and so on).
I have asked my Splunk Sales support team to submit an enhancement request to keep fschange supported and remove it from being deprecated. I think from what I have seen looking through all of the interest in fschange on “Answers” if everyone that has used it or has a need would also submit an official enhancement request so we can keep fschange supported. Supported being the key word, as with any compliance type tool most companies require it to be supported to use it.

Please submit your enhancement requests to help save fschange. If we all do this it would be hard for Splunk to look the other way. I for one would hate to see it go away. What say you?

sloshburch
Splunk Employee
0 Karma

ogdin
Splunk Employee

We currently have no plans to remove the file integrity monitoring feature from Splunk without providing a native alternative. Fschange will continue to exist in the Splunk package as a fully supported feature until we have an equivalent. Deprecation simply means we are no longer making feature improvements to fschange specifically. This also means a future file integrity monitoring feature may not use the fschange stanza in inputs.conf but may be delivered through another method.

Thanks,

Splunk Product Management

ng1p
Path Finder

This is great news. It's good to know that fschange is not going away without some sort of replacement.

Thank you!

0 Karma

helenashton
Path Finder

Is this still the case? Or is there a replacement (for both *nix and Windows)?

0 Karma

the_wolverine
Champion

Too late, already deprecated in version 5. Maybe someone will come up with an app to replace it.

0 Karma

lmyrefelt
Builder

It is my impression that fschange was not working too well and stable on Windows, and that could be the reason for its deprecation.

However, I agree with you, and it will be interesting to see how they choose to solve this for the ESS and PCI apps.

0 Karma