Getting splunk in linux to receive snare logs from windows


I am currently trying to use Snare to send event logs from my Windows workstation to my Linux firewall system. I have Snare set up according to the site, using port 514. I have also set up my Splunk's data input UDP section to receive windows_snare_syslogs. My problem is that I am unable to find the logs anywhere in my Splunk NIX section. I am wondering if anyone could help me figure out if my issue is sending, receiving or simply finding the event logs. Thanks in advance.