This documentation does not apply to the most recent version of Splunk.
The following are the spec and example files for admon.conf.
# Copyright (C) 2005-2010 Splunk Inc. All Rights Reserved. Version 4.1.5
#
# This file contains potential attribute/value pairs to use when configuring Windows active
# directory monitoring.
#
# To learn more about configuration files (including precedence) please see the documentation
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

[<stanza name>]
    * There can be multiple configurations for any given Domain Controller, so this is a unique
      name for that particular set of configuration.

targetDC = <string>
    * Fully qualified domain name. This can also be empty, in which case it will obtain the
      local computer's DC and bind to its root DN.

startingNode = <string>
    * Specify a path in the AD directory tree where monitoring should start. If left empty,
      it will start at the root of the directory tree.

monitorSubtree = <int 0|1>
    * Given the DC path, monitor the subtree instead of a single level.

disabled = <int 0|1>
    * Enables or disables this particular configuration.

# Copyright (C) 2005-2010 Splunk Inc. All Rights Reserved. Version 4.1.5
#
# This file contains an example configuration for monitoring changes
# to the Windows active directory monitor. Refer to admon.conf.spec for details.
# The following is an example of Active Directory monitor settings.
#
# To use one or more of these configurations, copy the configuration block into
# admon.conf in $SPLUNK_HOME/etc/apps/windows/local/. You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

[default]
monitorSubtree = 1
disabled = 0

[NearestDC]
targetDc =
startingNode =
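
To review which part of the directory each stanza covers before restarting Splunk, the following added example (not Splunk's own code) lints an admon.conf against the spec above and resolves each stanza's effective scope. It assumes that `[default]` values apply to every stanza and matches attribute names case-insensitively while reporting spellings that differ from the spec. The `HypotheticalOU` stanza and its values are constructed.

```python
import configparser

# Attribute names and value types as listed in admon.conf.spec on this page.
SPEC = {"targetDC": str, "startingNode": str, "monitorSubtree": int, "disabled": int}
BY_LOWER = {name.lower(): name for name in SPEC}

# Constructed sample: the page's example plus one hypothetical, mistyped stanza.
SAMPLE = """\
[default]
monitorSubtree = 1
disabled = 0

[NearestDC]
targetDc =
startingNode =

[HypotheticalOU]
targetDC = dc01.example.test
startingNode = OU=Servers,DC=example,DC=test
monitorSubtree = yes
"""

def lint_admon(text):
    """Return (effective settings per stanza, list of findings)."""
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # keep attribute case exactly as written
    cp.read_string(text)
    effective, findings = {}, []
    for stanza in cp.sections():
        settings = {}
        for key, raw in cp[stanza].items():  # assumption: [default] values are inherited
            name = BY_LOWER.get(key.lower())
            if name is None:
                findings.append(f"[{stanza}] {key}: not in spec")
                continue
            if name != key:
                findings.append(f"[{stanza}] {key}: spec spells it {name}")
            value = raw.strip()
            if SPEC[name] is int and value not in ("0", "1"):
                findings.append(f"[{stanza}] {key}: expected 0 or 1, got {value!r}")
                continue
            settings[name] = int(value) if SPEC[name] is int else value
        effective[stanza] = settings
    return effective, findings

def scope(settings):
    """Describe what a stanza monitors; empty values fall back as the spec states."""
    dc = settings.get("targetDC") or "<local computer's DC>"
    node = settings.get("startingNode") or "<root of directory tree>"
    depth = {1: "subtree", 0: "single level"}.get(settings.get("monitorSubtree"), "unknown")
    return f"{dc} | {node} | {depth}"
```

For the page's `[NearestDC]` stanza, `scope` shows that the empty values combined with the inherited `monitorSubtree = 1` cover the whole directory tree from the local computer's DC.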