Created
October 30, 2018 14:19
-
-
Save f8al/339ba3302eac6fe3983e4517747de04d to your computer and use it in GitHub Desktop.
images to add to sysmon configs to avoid logging loops when using splunk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- SECTION: Splunk--> | |
| <!--COMMENT: without omitting the splunkd image from a universal forwarder or full installation, you will get a log loop from connection logging, logging everytime the forwarder sends logs to an indexer on 9997, and then logging the connection it made to send the log, over and over, its turtles all the way down.--> | |
| <Image condition="is">C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe</Image><!--Splunk Universal Forwarder--> | |
| <Image condition="is">C:\Program Files\Splunk\bin\splunkd.exe</Image><!--Splunk daemon--> | |
| <Image condition="is">C:\Program Files (x86)\SplunkUniversalForwarder\bin\splunkd.exe</Image><!--Splunk Universal Forwarder--> | |
| <Image condition="is">C:\Program Files (x86)\Splunk\bin\splunkd.exe</Image><!--Splunk daemon--> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment