Solved: collect Remote event log on my Windows splunk serv...

dineshahlawat · ‎05-23-2013

Hello Team,
I am new to splunk,
I need to collect Remote event Log on my Windows splunk server.
So Under my splunk GUI
Manager » Data inputs » Event log collections » My_server_logs
It Gives Me error :

Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host '10.151.57.199'. This host may not be reachable or WMI may be misconfigured.

Now the log i am fetching is a Unix Machine so do i need to configure the win-wmi on unix or there is any other tool i need to configure for this.
please share the sequence of steps to configure this.

Ayn · ‎05-23-2013

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

View solution in original post

Ayn · ‎05-23-2013

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.

Ayn · ‎05-23-2013

Read docs. http://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Deploymentoverview

dineshahlawat · ‎05-23-2013

Thanks Ayn, For clearing this doubt. Can you please share the steps to configure the Universal Forwarder (ON UNIX) to forward the log file to Splunk.

Ayn · ‎05-23-2013

Oh so you mean the other way around? You're running Splunk on Windows but have remote logs on a Unix box? In that case you can't use WMI at all, it's Windows only. For getting events from your remote Unix box, you should install a Universal Forwarder on it and have it send the events back to your indexer. Or configure it to send syslog.

dineshahlawat · ‎05-23-2013

OK so what can i do to access the unix logs.
please share any reference to configure.

collect Remote event log on my Windows splunk server

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk