October 29th, 2018 11:00

Splunk SourceOne integration

Hello,

Has anyone sent their SourceOne audit logs to Splunk, and if so, do you mind providing some insight into the method used? I am not terribly familiar with SourceOne and am trying to identify the best method to get the audit logs out of it.

Thanks.

November 1st, 2018 06:00

Assuming you are just wanting to upload them to Splunk for storage long term or for analysis review? SourceOne logs are available as raw files in the SourceOne install directory on each SourceOne Worker and on the Master (i.e. D:\Program Files (x86)\EMC SourceOne\Logs). In there you will find all the various logs for the different operational parts of SourceOne (like journal, search, historical archive...). You will also find SourceOne events data in Windows Event Viewer under Application and Service Logs in the EMC view. There is a moderate integration with SCOM if you are looking for systems management (see the S1 SCOM manual for more details).

If you need to analyze the logs, you will find the SourceOne Log Analyzer tool of value (I mention that as you said you are not terribly familiar with SourceOne). Your reseller or SourceOne Support have access to this and can likely make it available to you.

Good luck

Walt