
Syslog in Splunk




I am trying to configure Splunk as a syslog server. I created a syslog app and I tried to configure it to capture packets on UDP port 514 using the input.conf file, but it didn't work.
I read about a way to make Kiwi syslog capture the syslog msgs and make Splunk monitor the log file. I tried it but still.

I doubt that the app is misconfigured coz it does not retrieve any input from the file. I think what's missing is to instruct the syslog app to graph and analyze the inputs, but how can that be done?

Your help is greatly appreciated,

What version of Splunk? What operating system? Is there a firewall such as iptables that is blocking traffic to port 514? What user is Splunk running as?

I am running Splunk 4.0 on Windows Server 2008, and there are no firewalls implemented in between. And I am using the default Admin user.

What configuration is needed to make this app retrieve syslog msgs?