
Hello,

I am attempting to ingest audit logs (logins to RunDeck platform, changes to platform, etc.) into our Splunk instance (Splunk Cloud). Is there any RunDeck documentation that can assist with this? I see there used to be a RunDeck Splunk app, but it appears to have been archived and hasn’t been updated since 2018.

Hello,

There's no official information about Splunk and Rundeck integration in the documentation. I guess that you're referring to this app.

Currently, a good approach could be using the Splunk Universal Forwarder agent to send all Rundeck logs to the Splunk instance. This is a good starting point. Additionally, this video appears to be really useful.

Regards!


Thank you. Do you have any documentation about how to configure RunDeck to output those logs so that the forwarder can monitor them? I am familiar with the Splunk side, but I have no knowledge of RunDeck, so I will need to know what files to monitor and if there is any configuration that needs to be done in order to generate those logs for monitoring.


Hi, 

Here you can check the Rundeck logging structure. Basically, Rundeck uses log4j2 to manage them (except service.log, which is the standard Java app output redirected). Also, here you can learn more about log content and goals. Hope it helps :-)

Best Regards!

