- Terminal
- Linux (6.11.2)
Download & Install Splunk:
Access the Web Interface:

Log In to the Web Interface:

Open the rsyslog configuration file:

Add a Forwarding Rule:

Add a Rule to Write to /var/log/syslog:

Create the Log File, Set Appropriate Permissions, then Restart:

Export Journal Logs to a File:

Check for Logs in the System Journal:

Test the Configuration:
Configure Splunk to Monitor /var/log/journal_export.log:

Select Source, Input Settings & Review:
Search & Analyze Logs in Splunk:
Filter Specific Events:
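The whole procedure above (rsyslog rules, log file permissions, journal export, Splunk monitor input, test message, event filter) as one script. This is an added example written for this page, not the lab's own commands or Splunk's code. It assumes a Debian/Ubuntu host where rsyslog runs as syslog:adm, that Splunk runs on the same host with its web UI on the default http://localhost:8000, and that you have created a TCP data input in Splunk on port 1514 for raw syslog (not port 9997, which is Splunk's forwarder-to-indexer port). The sourcetype name journal_export, the drop-in file name 50-splunk.conf, the tag splunk-lab-test and the sample log lines are all constructed for the example; the .deb path and admin password come from environment variables because the page does not give them.

```shell
#!/usr/bin/env bash
# Added example for this lab (not from the original page). Assumptions are listed in the
# comments: Splunk TCP syslog input on 1514, rsyslog as syslog:adm, sourcetype journal_export.
set -euo pipefail

SPLUNK_HOST="${SPLUNK_HOST:-127.0.0.1}"           # assumed: Splunk on this host
SPLUNK_SYSLOG_PORT="${SPLUNK_SYSLOG_PORT:-1514}"  # assumed: TCP data input you created in Splunk
EXPORT_LOG="/var/log/journal_export.log"
RSYSLOG_DROPIN="/etc/rsyslog.d/50-splunk.conf"    # assumed name; rsyslog reads every *.conf here

# "Add a Forwarding Rule" + "Add a Rule to Write to /var/log/syslog": printed, not written,
# so the drop-in can be reviewed or tested before it lands in /etc/rsyslog.d.
render_rsyslog_conf() {
  local host="$1" port="$2"
  printf '%s\n' \
    '# Forward every facility/priority to Splunk over TCP (@@). A single @ is UDP,' \
    '# which drops messages under load and gives no delivery guarantee.' \
    "*.* @@${host}:${port}" \
    '# Keep a local copy as well, so nothing is lost while Splunk is down.' \
    '*.* /var/log/syslog'
}

# "Configure Splunk to Monitor /var/log/journal_export.log": the inputs.conf stanza the
# web wizard (Select Source -> Input Settings -> Review) writes for you.
render_splunk_inputs() {
  local path="$1"
  printf '%s\n' \
    "[monitor://${path}]" \
    'sourcetype = journal_export' \
    'index = main' \
    'disabled = false'
}

# "Create the Log File, Set Appropriate Permissions": 0640 keeps other local users out;
# Splunk's service account must be in the group to read the file.
create_log_file() {
  local path="$1" owner="$2" group="$3"
  touch "$path"
  chown "${owner}:${group}" "$path"
  chmod 0640 "$path"
}

# "Export Journal Logs to a File": short-iso timestamps are unambiguous for Splunk,
# -b limits the snapshot to this boot. For a live feed run
#   journalctl -f -o short-iso >> /var/log/journal_export.log   under a systemd unit.
export_journal() {
  local path="$1"
  journalctl -b -o short-iso --no-pager > "$path"
}

# "Test the Configuration": emit a tagged message, then confirm rsyslog wrote it to
# /var/log/syslog and journald has it ("Check for Logs in the System Journal").
test_pipeline() {
  local tag="splunk-lab-test" msg
  msg="rsyslog-to-splunk check $(date +%s)"
  logger -t "$tag" -p user.notice "$msg"
  sleep 1
  grep -F "$msg" /var/log/syslog
  journalctl -t "$tag" -n 1 --no-pager
}

# "Filter Specific Events": local equivalent of the Splunk search
#   source="/var/log/journal_export.log" splunk-lab-test
# It matches the syslog tag field ("tag[pid]: " or "tag: "), so a line that merely
# mentions the tag in its message body is not a false hit.
filter_events() {
  local file="$1" tag="$2"
  grep -E "[[:space:]]${tag}(\[[0-9]+\])?: " "$file" || true
}

# Constructed sample of export_journal output, for exercising filter_events offline.
write_sample_export() {
  local path="$1"
  printf '%s\n' \
    '2024-10-05T12:00:00+0000 lab sshd[1234]: Accepted publickey for alice from 10.0.0.5' \
    '2024-10-05T12:00:01+0000 lab splunk-lab-test[999]: rsyslog-to-splunk check 1728129601' \
    '2024-10-05T12:00:02+0000 lab CRON[5]: (root) CMD (run-parts /etc/cron.hourly)' \
    '2024-10-05T12:00:03+0000 lab kernel: note: splunk-lab-test mentioned in body only' \
    > "$path"
}

apply_all() {   # run as root:  SPLUNK_DEB=./splunk.deb SPLUNK_ADMIN_PASSWORD=... ./lab.sh apply
  : "${SPLUNK_DEB:?set SPLUNK_DEB to the .deb downloaded from splunk.com}"
  : "${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD for the initial admin account}"
  dpkg -i "$SPLUNK_DEB"
  # user-seed.conf sets the first admin password non-interactively (Splunk's documented file).
  mkdir -p /opt/splunk/etc/system/local
  printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$SPLUNK_ADMIN_PASSWORD" \
    > /opt/splunk/etc/system/local/user-seed.conf
  /opt/splunk/bin/splunk start --accept-license --answer-yes --no-prompt
  /opt/splunk/bin/splunk enable boot-start
  render_rsyslog_conf "$SPLUNK_HOST" "$SPLUNK_SYSLOG_PORT" > "$RSYSLOG_DROPIN"
  create_log_file /var/log/syslog syslog adm
  create_log_file "$EXPORT_LOG" root adm
  rsyslogd -N 1                      # syntax-check the config before restarting
  systemctl restart rsyslog
  export_journal "$EXPORT_LOG"
  render_splunk_inputs "$EXPORT_LOG" >> /opt/splunk/etc/system/local/inputs.conf
  /opt/splunk/bin/splunk restart
  test_pipeline
}

if [ "${1:-}" = "apply" ]; then apply_all; fi
```

After `apply_all` finishes, the web UI search `source="/var/log/journal_export.log" splunk-lab-test` should return the same event that `filter_events "$EXPORT_LOG" splunk-lab-test` prints locally; if it does not, check that the Splunk process can read the 0640 file (add its user to group adm) before suspecting the input configuration.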