I have found following entries in splunk log
08-26-2013 04:22:05.656 -0700 INFO TcpInputConfig - performing DNS lookup on 192.168.2.1

Also i tried it to configure via SNMP and found below log
CarrierError: bind() for (u'192.168.2.1', 162) failed: [Errno 10049] The requested address is not valid in its context

My only other suggestions at this point would be to narrow down the possible cause:
- Redirect a device/server with a known-good syslog generation at Splunk
- Point your firewall at a known/good syslog collector
- Look at the event in $SPLUNK_HOME/var/log/splunk/splunkd.log to see any potential issues

Everything you've mentioned indicates you've set it up correctly, so it's time for troubleshooting now 🙂

I have configured it via tcp and udp port 514 still i am waiting for logs.

I have configured it with TCP 514 only
TCP port = 514
Source type = syslog
Status = Enabled

Ahhh one other point I forgot to mention, have you confirmed that Splunk is set up to receive TCP 514?
- Manager > Data Inputs > TCP > Add New
You might want to do the same for UDP just to be sure.

I have configured it by TCP port and also disabled server firewall but still not see any logs on splunk

A few things I'd check:
- Ensure Syslog is being sent by TCP not UDP
- Temporarily disable the server firewall on the Splunk server to see whether that's a factor

Hi Turk,
Thanks for reply. I have configured it via syslog udp port 514. But i am not able to see any logs in splunk also not show the connection in 'netstat' command.