diff --git a/applications/itd/splunk/module.nix b/applications/itd/splunk/module.nix
index 30dcb19..8500a41 100644
--- a/applications/itd/splunk/module.nix
+++ b/applications/itd/splunk/module.nix
@@ -47,6 +47,21 @@ in {
 # might not be required
 networking.firewall.allowedTCPPorts = [8089];
 
+ # need to set access controls
+ systemd.tmpfiles.rules = [
+ "a /var/log - - - - u:splunk:rx"
+ "a /var/log/auth.log - - - - splunk:r"
+ "a /var/log/messages - - - - u:splunk:r"
+ "a /var/log/secure - - - - u:splunk:r"
+ "a /var/log/audit - - - - u:splunk:rx"
+ "a /var/log/audit.log - - - - u:splunk:r"
+ "a /var/log/audit/audit.log - - - - u:splunk:r"
+ "a /root - - - - u:splunk:rx"
+ "a /root/.bash_history - - - - u:splunk:r"
+ "a /home/* - - - - u:splunk:rx"
+ "a /home/*/.bash_history - - - - u:splunk:r"
+ ];
+
 # set up the core files
 systemd.services."${name}_prestart" = {
 wantedBy = [
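Review bot: The `/var/log/auth.log` rule uses the ACL spec `splunk:r` without the `u:` tag that every other line carries; systemd-tmpfiles hands the spec to libacl's text parser, which I believe rejects an entry with no tag, so that one line would most likely be logged as an error and skipped while auth.log silently never reaches the forwarder — it should read `"a /var/log/auth.log - - - - u:splunk:r"`. Separately, `a` sets the ACL only on the inode that exists when tmpfiles runs: a log that is recreated on rotation (rather than truncated in place) and any home directory created after activation get no ACL until the tmpfiles setup runs again, so consider either a default ACL on the directories (e.g. appending `,d:u:splunk:r` to the `/var/log` and `/var/log/audit` entries, accepting that this covers every future file there) or placing the forwarder in the log-owning group instead. Finally, `u:splunk:rx` on `/root` plus `r` on every `.bash_history` gives the forwarder account traversal of root's home and the full command history of all users, which routinely contains passwords and tokens typed on the command line; if shell-history collection is intended, it is worth a comment saying so and a check on what the forwarder does with that data downstream.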