Li was asked to create a Splunk configuration to monitor syslog files stored on Linux servers at their organization. This configuration will be pushed out to multiple systems via a Splunk app using the on-prem deployment server.
The system administrators have provided Li with a directory listing for the logging locations on three syslog hosts, which are representative of the file structure for all systems collecting this data. An example from each system is shown below:
Host: syslog01
File path: /var/log/network/syslog01/linux_secure/syslog.log

Host: syslog02
File path: /var/log/network/syslog02/linux_secure/syslog.log

Host: us-syslog-01
File path: /var/log/network/us-syslog-01/linux_secure/syslog.log.2020090801

Which monitor:// stanza could Li use in their app to ensure all three of these files are ingested into Splunk?