Looking through the K1 logs a bit, and wondering if anybody uses Splunk to manage the Kace logs. If not Splunk specifically, how do you manage the Kace logs?

0 Comments   [ - ] Hide Comments


Please log in to comment

Community Chosen Answer



I haven't used Splunk before, but I would tend to say that the logs are not accessible by default to that software.  The reason behind this is that there is no API to get the logs.  You would manually have to log in and navigate to them.

There is a patch that KACE support can give you for the k1000 that opens up a logs share that might work for this purpose.  Ask for the triage patch if this might work.

Depending on what you are looking for, you might also be able to use munin for that.  Go to http://yourk1000name/munin to see what I am talking about.

Answered 10/10/2012 by: jknox
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity



I've been using Splunk to manage the data kept in the KAgent.log file on each client at %ProgramData%\Dell\KACE\user\KAgent.log (Windows) and /var/dell/kace/user/KAgent.log (Linux). I was able to build a dashboard that displays endpoint license utilization, patches detected on each client, patches deployed to each client, inventory times, number of files replicated to replication shares, etc.

Answered 02/18/2016 by: bdmacdou
White Belt

  • We are trying to set this up now, how did you pull the patch information?
    • My guess would be to setup the Splunk Universal Forwarder on each system, and then configure a Monitor input stanza for the KAgent.log.

      You'll want to sample the log initially to make sure that Splunk can natively parse out the timestamp, and linebreak the events as needed.

      If you have any other Splunk specific questions, answers.splunk.com is a great resource :D
Please log in to comment