Deployment Architecture

Pre-canned Linux source types under /var/log

klopez30
Explorer

Is there any documentation about which files are covered by the pre-canned source types for linux? Specifically, there are two that are fairly similar, linux_messages_syslog: italic*Format found within the Linux log file /var/log/messages*italic and linux_secure: italic*Format for the /var/log/secure file containing all security related messages on a Linux machine*italic.

It's a production machine that I don't have access to, so I can't just guess and check.

Thanks

0 Karma

p_gurav
Champion
0 Karma

klopez30
Explorer

That doesn't map the files to the the sourcetype. It gives an example of one log for that sourcetype.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...