|
1 |
2 |
5 |
Click Next to select the events to forward based on subsystem and event date. Once the subscription is created the starting event date and time cannot be changed. |
• |
By default, events start sending after the subscription is created. To change when to begin sending events, click Send events starting and select the desired date and time. The time cannot be more than 30 days prior to the Change Auditor installation date. |
6 |
Click Finish. |
1 |
1 |
5 |
Click Finish. |
1 |
1 |
2 |
Click Refresh. |
Use this command to create the subscription required to send Change Auditor event data to Splunk.
Example: Create a subscription to send all subsystems event data to a Splunk instance
$allSubsystems = Get-CAEventExportSubsystems -Connection $connection
Use this command to see the details of the current Splunk subscriptions.
The ID of an existing Splunk subscription. You can find this by running this command using just the connection information. It is also returned by the New-CASplunkEventSubscription command. |
Get-CASplunkEventSubscriptions -Connection $connection
The command returns the following information.
© ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center