Configured a Splunk Universal Forwarder on a remote Ubuntu system to forward syslog and authentication logs to a central Splunk indexer. Includes setup steps, search queries, and incident response observations. Part of the 30-Day SOC Challenge.
log-analysis splunk incident-response syslog security-monitoring universal-forwarder soc-analyst linux-logging 30-day-soc
-
Updated
Apr 22, 2025