===Check Log Permissions App (check-log-permissions)===
Author: Rob Jordan
Version/Date: 1.0.1/2016-03-29
Supported product(s): Splunk 6.3 or greater
Source type(s): check_log_permissions
Input requirements:
TA-check-log-permissions
===Using this technology app===
Configuration: Manual
This app (check-log-permissions) should be deployed under $SPLUNK_HOME/etc/apps to your search head(s).
This app (check-log-permissions) includes a dashboard to review events from sourcetype (check_log_permissions) and has a dependency on the Technology Addon (TA-check-log-permissions) to collect events.
It's not required to install the Technology Addon (TA-check-log-permissions) on your search head(s) or indexer(s) unless you intend to collect data about logs which reside on your search head(s) or indexer(s).
===Check Log Permissions Technology Add-on (TA-check-log-permissions)===
Author: Rob Jordan
Version/Date: 1.0.1/2016-03-29
Supported product(s): Splunk 4.x or greater
Source type(s): check_log_permissions
Input requirements:
TA-check-log-permissions/default/inputs.conf
TA-check-log-permissions/bin/check-log-permissions.inputs
===Using this technology add-on===
Configuration: Manual
Scripted input setup: How to set up the scripted input(s) (if applicable)
Typically, this app should be copied or deployed via deployment server to $SPLUNK_HOME/etc/apps for a universal forwarder.
It can also be deployed to a Splunk indexer or search head if you intend to collect log information from those hosts.
By default, this app will attempt to collect information on files under /var/log and send it to the main index as sourcetype check_log_permissions once a day for each forwarder it is deployed to.
Index, sourcetype and execution frequency can be changed by copying TA-check-log-permissions/default/inputs.conf to TA-check-log-permissions/local/inputs.conf and editing the copy.
It is recommended you do not change the sourcetype (check_log_permissions) if you intend on using the counterpart dashboard included in the Check Log Permissions app.
To change which logs are scanned, add or edit log patterns in TA-check-log-permissions/bin/check-log-permissions.inputs. In most cases you can use the same pattern you would use in a Splunk monitor stanza, including * as a wildcard.
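To illustrate the kind of check described above, the following shell example is added here and is not the add-on's own script: it reads a pattern file, expands each wildcard pattern, and prints one key=value event per matching file with its mode, owner, group and world-access flags. The pattern file format (one glob per line, # for comments), the function names, the field names and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the add-on's script): report permissions of log files
# matched by a pattern file. Assumed format: one glob per line, '#' comments,
# no spaces in paths.

# file_event PATH: print one key=value event for PATH.
file_event() {
    f=$1
    # Octal mode, owner, group: GNU/busybox stat first, BSD stat as fallback.
    meta=$(stat -c '%a %U %G' "$f" 2>/dev/null ||
           stat -f '%Lp %Su %Sg' "$f" 2>/dev/null) || return 1
    set -- $meta
    mode=$1 owner=$2 group=$3
    wr=no ww=no
    # The last octal digit holds the "other" bits: 4 = read, 2 = write.
    if [ $((0$mode & 4)) -ne 0 ]; then wr=yes; fi
    if [ $((0$mode & 2)) -ne 0 ]; then ww=yes; fi
    printf 'file="%s" mode=%s owner=%s group=%s world_readable=%s world_writable=%s\n' \
        "$f" "$mode" "$owner" "$group" "$wr" "$ww"
}

# scan_patterns FILE: expand every glob listed in FILE, one event per regular file.
scan_patterns() {
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        for f in $pattern; do            # unquoted on purpose: the shell expands the glob
            [ -f "$f" ] || continue      # skips unmatched patterns and non-regular files
            file_event "$f" || continue  # file vanished or stat failed
        done
    done < "$1"
}

# demo: constructed sample files in a temp directory, not real logs.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/log"
    : > "$d/log/app.log";   chmod 640 "$d/log/app.log"
    : > "$d/log/debug.log"; chmod 666 "$d/log/debug.log"
    : > "$d/log/notes.txt"  # not matched by the pattern below
    printf '%s\n' '# constructed pattern file' "$d/log/*.log" > "$d/patterns"
    scan_patterns "$d/patterns"
    rm -rf "$d"
}

demo
```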
Updated and new dashboards, additional field extractions. Note: The Technology Addon will work on all versions of Splunk; the dashboards require version 6.3 or greater.
===Check Log Permissions App (check-log-permissions)===
Author: Rob Jordan
Version/Date: 1.0.0/2016-01-19
Supported product(s): Splunk 4.x or greater
Source type(s): check_log_permissions
Input requirements:
TA-check-log-permissions
===Using this technology app===
Configuration: Manual
This app (check-log-permissions) should be deployed under $SPLUNK_HOME/etc/apps to your search head(s).
This app (check-log-permissions) includes a dashboard to review events from sourcetype (check_log_permissions) and has a dependency on the Technical Addon (TA-check-log-permissions) to collect events.
It's not required to install the technical addon (TA-check-log-permissions) on your search head(s) or indexer(s) unless you intend to collect data about logs which reside on your search head(s) or indexer(s).