Hello Splunk-Community,
For months we have been discussing with our Linux admins whether it is OK to install Splunk Universal Forwarder on Linux (Red Hat) or not.
We just want to collect Tomcat / Apache logs from various Linux Hosts, and really don't know how.
The main concern is the management of the needed permissions (per Host / Application for about 1000 Linux Systems) to get the Forwarder to the needed application log directories. We don't want to run the Forwarder as root.
So what are you doing? Do you have any best practices?
I can't believe we are the only ones facing this discussion.
Thank you
PS: As a side note, on Windows it seems to be OK to run the Forwarder as a System Service...