Linux/Unix Data
Linux/Unix data is collected via the Splunk Add-on for Linux and Unix (*nix).
Splunkbase Download: https://splunkbase.splunk.com/app/833/
Installation and Configuration Guide: https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/About
Collect Users and Groups related data from Linux
We have created a specific shell script to collect information about which users have sudo privileges via a user list which has normal login privileges. And another script that collects information about groups on the Linux/Unix machines. Download the Cyences Add-on for Splunk to enable this feature.
Splunkbase Download: https://splunkbase.splunk.com/app/5659/
Refer to A-TA-linux_inputs
App on this GitHub Repo for inputs.conf reference.
Note: Use index=os
, for data collection or update the macro definition for Linux Data (Settings > Configuration).
Estimated Data Size
The total data size with the updated stanzas are less than 100MB per Linux host per day. Exclude inputs that are not relevant to your environment.