On 3 July 2013 13:32, Douglas Brown <d46.brown@student.qut.edu.au> wrote:

Full Splunk or just the universal forwarder? Interested to know how you go.

Full Splunk but it's going to take me forever.

Found this in the meantime:

http://riffraff169.wordpress.com/2011/11/22/splunk-and-selinux/