Syslog in Splunk


I am trying to configure Splunk as a syslog server. I created a syslog app and tried to configure it to capture packets on UDP port 514 using the input.conf file, but it didn't work.
I read about a way to make Kiwi syslog capture the syslog messages and make Splunk monitor the log file. I tried it but still.

I doubt that the app is misconfigured because it does not retrieve any input from the file. I think what's missing is to instruct the syslog app to graph and analyze the inputs, but how can that be done?

Your help is greatly appreciated,

What version of Splunk? What operating system? Is there a firewall such as iptables that is blocking traffic to port 514? What user is Splunk running as?

I am running Splunk 4.0 on Windows Server 2008, and there are no firewalls implemented in between. And I am using the default Admin user.

What configuration is needed to make this app retrieve syslog messages?
