I've been tasked to forward logs from Windows NT to Splunk Enterprise; however, there is no syslog built into Windows and also no Splunk Universal Forwarder for it.
Any idea how I should approach this for corporate use?
Today's "Splunking against the odds" award goes to @Kitteh
I'm sure there is a reason, and that it's beyond your control, but NT was EOL 13 years ago!
I salute your determination! 🙂
Hi Kitteh,
try using an old version of Universal Forwarder, e.g. 5.18, and check if you correctly receive logs.
Three years ago, I had to install UF on an XP machine and I used version 4.3.7 with a special configuration:
SPLUNK_HOME/etc/system/local/inputs.conf
# disable the registry-monitor scripted input
[script://$SPLUNK_HOME/bin/scripts/splunk-regmon.path]
disabled = 1
# disable the WMI scripted input
[script://$SPLUNK_HOME/bin/scripts/splunk-wmi.path]
disabled = 1
# disable the Active Directory monitor scripted input
[script://$SPLUNK_HOME/bin/scripts/splunk-admon.path]
disabled = 1
The safer way to proceed is to open a case with Splunk Support.
Did you try to use WMI?
Bye.
Giuseppe
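A fuller local configuration along the lines of Giuseppe's answer, as an added example and not his own file or Splunk's documentation: the three scripted inputs are disabled and only the classic event logs are collected. The old-style `WinEventLog:` stanza syntax, the `checkpointInterval` value, the index name and the receiving host/port in outputs.conf are assumptions to adjust for your environment.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf  (assumed layout for an old 4.x/5.x UF)

# Scripted inputs that depend on newer Windows subsystems: keep them off
[script://$SPLUNK_HOME/bin/scripts/splunk-regmon.path]
disabled = 1

[script://$SPLUNK_HOME/bin/scripts/splunk-wmi.path]
disabled = 1

[script://$SPLUNK_HOME/bin/scripts/splunk-admon.path]
disabled = 1

# Classic NT event logs; Security is the one that matters for audit/detection
[WinEventLog:Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog

[WinEventLog:System]
disabled = 0
start_from = oldest
current_only = 0
index = wineventlog

[WinEventLog:Application]
disabled = 0
start_from = oldest
current_only = 0
index = wineventlog

# $SPLUNK_HOME/etc/system/local/outputs.conf  (receiver is a placeholder)
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = splunk-indexer.example.internal:9997
```

After restarting the forwarder, confirm the indexer is receiving data with a search such as `index=wineventlog host=<nt-host>` and, if nothing arrives, check `$SPLUNK_HOME/var/log/splunk/splunkd.log` on the NT box for WinEventLog or tcpout errors.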