Re: Does btool logs its usage somewhere?

jordanking1992 · ‎04-04-2018

All,

Looking at some windows logs and came across the following commands ran on two separate computers. The "--no-log" concerns me and I can't seem to find if there is a place where logs would generate when this command is ran.

Has anyone seen or know why I would be seeing this? I am the only admin for these hosts so at first glance this looks like a bad actor.

clozach · ‎08-31-2020

Hi did you ever determine what the root of this was? I'm seeing the same thing in my environment and would like to understand what's going on.

thambisetty · ‎08-31-2020

Can you try running btool with —no-log option and check if that’s displaying some output?

————————————
If this helps, give a like below.

splunker12er · ‎04-05-2018

Can you post the full windows logs ? so to figure out why do you see these ?

PowerPacked · ‎04-04-2018

Hi @jordanking1992

Please check the usage of the btool command.

splunkhome/bin/splunk btool "conf file prefix" list --debug --app="appname"| grep "if you want to grep something from conf file"

and also use "> /var/tmp/123.txt" to write results into text file

here is the link to splunk doc

& splunk does writes logs about btool in splunkhome/var/log/splunk/bttol.log

Thanks

jordanking1992 · ‎04-05-2018

Thanks for the information but the question is "What am I seeing in those screenshots?". I cannot find the --no-log anywhere in the documentation.

-Jordan

Does btool logs its usage somewhere?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases