
Splunk Lantern

Linux and Unix

Linux is a widely adopted open-source operating system known for its flexibility, security, and robust performance across various computing environments. Its open-source nature allows for extensive customization and a vibrant community, making it a foundational component for servers, embedded systems, and development workstations.

Before looking at documentation for specific data sources, review the Splunk Help information on general data ingestion for Splunk Enterprise, Splunk Cloud Platform or Splunk Observability Cloud.

Getting data in

Source Add-ons and Apps Guidance

Linux and Unix

As with other operating systems, there are several types of logs you can get from Linux:

  • Security logs. Linux security logs are a source of data that records information related to login attempts (success and failure), elevated privileges, and other security events as defined by the system’s audit policy. These logs are one of the primary tools used by security analysts to detect and investigate unauthorized activity and to troubleshoot access problems.
  • Operating logs. Linux operating system logs are a source of data that reports on state changes in a UNIX or Linux variant operating system. This includes changes to applications, service state, and hardware events. These events are used by operations and development teams to troubleshoot and mitigate errors.
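The security-log events listed above (failed and successful logins, use of elevated privileges) are exactly what a detection would key on once the data is in an index. The following is an added example, not code from Splunk Lantern or from any Splunk add-on: a small Python detector run over constructed /var/log/auth.log style lines. The host, users and addresses in the sample are made up, and the thresholds and shell list are assumptions chosen for illustration.

```python
import json
import os
import re
from collections import Counter

# Constructed sample lines in the syslog layout used by /var/log/auth.log
# (Debian/Ubuntu) and /var/log/secure (RHEL family). Host, users and
# addresses are made up for this example.
SAMPLE_AUTH_LOG = """\
Mar  4 10:15:01 web01 sshd[2143]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  4 10:15:03 web01 sshd[2145]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  4 10:15:05 web01 sshd[2147]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar  4 10:15:07 web01 sshd[2149]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar  4 10:15:09 web01 sshd[2151]: Failed password for root from 203.0.113.7 port 51162 ssh2
Mar  4 10:15:11 web01 sshd[2153]: Accepted password for root from 203.0.113.7 port 51170 ssh2
Mar  4 10:16:20 web01 sshd[2160]: Accepted publickey for alice from 198.51.100.4 port 40212 ssh2: ED25519 SHA256:k7x
Mar  4 10:16:45 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  4 10:17:02 web01 sudo:     root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/bash
Mar  4 10:17:30 web01 sshd[2170]: Failed password for bob from 198.51.100.9 port 44001 ssh2
"""

# Syslog prefix, then the three message shapes this example understands.
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Assumed list of interactive shells; extend for your environment.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def parse_events(lines):
    """Turn raw auth log lines into typed events; unknown lines are skipped."""
    events = []
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        base = {"ts": m["ts"], "host": m["host"]}
        msg = m["msg"]
        if (f := FAILED_RE.search(msg)):
            events.append({**base, "kind": "auth_failure", "user": f["user"], "ip": f["ip"]})
        elif (a := ACCEPTED_RE.search(msg)):
            events.append({**base, "kind": "auth_success", "user": a["user"],
                           "ip": a["ip"], "method": a["method"]})
        elif (s := SUDO_RE.search(msg)):
            events.append({**base, "kind": "sudo", "user": s["user"],
                           "target": s["target"], "cmd": s["cmd"]})
    return events


def detect(events, fail_threshold=5):
    """Walk events in order and flag brute force, success after a burst of
    failures, and sudo invocations that open a root shell."""
    failures_by_ip = Counter()
    brute_force = {}
    success_after_failures = []
    sudo_count = 0
    sudo_root_shells = []
    for ev in events:
        if ev["kind"] == "auth_failure":
            failures_by_ip[ev["ip"]] += 1
            if failures_by_ip[ev["ip"]] >= fail_threshold:
                brute_force[ev["ip"]] = failures_by_ip[ev["ip"]]
        elif ev["kind"] == "auth_success":
            prior = failures_by_ip[ev["ip"]]
            if prior >= fail_threshold:
                success_after_failures.append({"ip": ev["ip"], "user": ev["user"],
                                               "method": ev["method"], "prior_failures": prior})
        elif ev["kind"] == "sudo":
            sudo_count += 1
            program = os.path.basename(ev["cmd"].split()[0])
            if ev["target"] == "root" and program in SHELLS:
                sudo_root_shells.append(ev)
    return {
        "brute_force": brute_force,                    # ip -> failure count
        "success_after_failures": success_after_failures,
        "sudo_events": sudo_count,
        "sudo_root_shells": sudo_root_shells,
    }


if __name__ == "__main__":
    print(json.dumps(detect(parse_events(SAMPLE_AUTH_LOG.splitlines())), indent=2))
```

The stateful walk matters: an accepted password login is only interesting here because the same source address had already failed five times, which a stateless per-line match cannot see. The same logic maps onto a streamstats or transaction style search once the events are indexed.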


Sysmon for Linux

Sysmon for Linux is a system monitoring tool that provides detailed insights into system activity, including process creations, network connections, and file modifications. It helps in detecting advanced threats and understanding system behavior by capturing high-fidelity event data, which is crucial for security monitoring and incident response.
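Sysmon for Linux emits each event to syslog as one XML document, so the process-creation and network-connection data it captures has to be parsed out of EventData name-value pairs before it can be correlated. The following is an added example, not code from the page or from the Sysmon project: a Python parser for that layout plus two detections, a shell spawned by a web server process (Event ID 1) and a shell making an outbound connection (Event ID 3). The sample lines are constructed to follow the Sysmon for Linux event layout; the hosts, paths, process IDs and addresses are made up, and the web server and shell name lists are assumptions.

```python
import json
import xml.etree.ElementTree as ET
from os.path import basename

# Constructed sample lines: syslog prefix, the "sysmon:" tag, then one XML
# Event with the EventID under System and fields as EventData/Data pairs.
# Everything after the tag is made up for this example.
SAMPLE_SYSMON_LINES = [
    'Mar  4 10:20:01 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>web01</Computer></System><EventData><Data Name="UtcTime">2024-03-04 10:20:01.123</Data><Data Name="ProcessId">4021</Data><Data Name="Image">/usr/bin/dash</Data><Data Name="CommandLine">sh -c id</Data><Data Name="User">www-data</Data><Data Name="ParentProcessId">1337</Data><Data Name="ParentImage">/usr/sbin/apache2</Data></EventData></Event>',
    'Mar  4 10:20:05 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>web01</Computer></System><EventData><Data Name="UtcTime">2024-03-04 10:20:05.456</Data><Data Name="ProcessId">4030</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">-bash</Data><Data Name="User">alice</Data><Data Name="ParentProcessId">4025</Data><Data Name="ParentImage">/usr/sbin/sshd</Data></EventData></Event>',
    'Mar  4 10:20:09 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>web01</Computer></System><EventData><Data Name="UtcTime">2024-03-04 10:20:09.789</Data><Data Name="ProcessId">4021</Data><Data Name="Image">/usr/bin/dash</Data><Data Name="User">www-data</Data><Data Name="Protocol">tcp</Data><Data Name="SourceIp">10.0.0.5</Data><Data Name="SourcePort">50322</Data><Data Name="DestinationIp">203.0.113.7</Data><Data Name="DestinationPort">4444</Data></EventData></Event>',
    'Mar  4 10:21:00 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>web01</Computer></System><EventData><Data Name="UtcTime">2024-03-04 10:21:00.000</Data><Data Name="ProcessId">4050</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="User">alice</Data><Data Name="Protocol">tcp</Data><Data Name="SourceIp">10.0.0.5</Data><Data Name="SourcePort">50400</Data><Data Name="DestinationIp">198.51.100.20</Data><Data Name="DestinationPort">443</Data></EventData></Event>',
]

# Assumed process name lists; tune them to the hosts being monitored.
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}EventID' if present."""
    return tag.rsplit("}", 1)[-1]


def parse_sysmon_line(line):
    """Return {"event_id": int, "computer": str, "data": {name: value}} for a
    syslog line carrying a Sysmon XML event, or None if there is no event."""
    start = line.find("<Event")
    if start < 0:
        return None
    root = ET.fromstring(line[start:])
    event = {"event_id": None, "computer": None, "data": {}}
    for el in root.iter():
        name = _local(el.tag)
        if name == "EventID":
            event["event_id"] = int(el.text)
        elif name == "Computer":
            event["computer"] = el.text
        elif name == "Data" and "Name" in el.attrib:
            event["data"][el.attrib["Name"]] = el.text or ""
    return event


def detect(events):
    """Apply two lineage/network rules and return the findings in event order."""
    findings = []
    for ev in events:
        d = ev["data"]
        image = basename(d.get("Image", ""))
        parent = basename(d.get("ParentImage", ""))
        if ev["event_id"] == 1 and parent in WEB_SERVERS and image in SHELLS:
            findings.append({"rule": "web_server_spawned_shell", "host": ev["computer"],
                             "pid": d.get("ProcessId"), "user": d.get("User"),
                             "command_line": d.get("CommandLine")})
        elif ev["event_id"] == 3 and image in SHELLS:
            findings.append({"rule": "shell_network_connection", "host": ev["computer"],
                             "pid": d.get("ProcessId"),
                             "dest": f"{d.get('DestinationIp')}:{d.get('DestinationPort')}"})
    return findings


if __name__ == "__main__":
    parsed = [e for e in map(parse_sysmon_line, SAMPLE_SYSMON_LINES) if e]
    print(json.dumps(detect(parsed), indent=2))
```

Both rules use the parent/child relationship or the process identity that Sysmon adds and plain auth or syslog data lacks; that is the "high-fidelity" part of the paragraph above in practice. The two findings in the sample share ProcessId 4021, which is the pivot you would use to tie the spawned shell to its outbound connection.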
