Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I tried by all means to recover syslogs from a Cisco switch and router but I can not.

fdi01
Motivator
‎01-19-2015 11:37 PM

Hello,
I am currently training on centralization of the analysis of logs and I find myself stuck. Indeed, I was able to get on my Splunk server the data from a Windows server. However, I tried by all means to recover syslogs from a Cisco switch and router but I cannot. Yet I have configured Splunk to listen on port 514 but nothing happens ...
Last note, my Splunk forwarder is installed on Windows 7.
Thank you for your answers

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

fdi01
Motivator
‎01-20-2015 04:38 AM

Ok so I found it was just the Windows firewall was blocking
For future that will have worries of configuration, here's what to do to recover syslogs:

  • On the Splunk server, you must listen to UDP port 514 by going Manager -> Data Inputs -> and click Add New to UDP. The minimum is complete the source type (Manual, syslog or From list, syslog).

  • On the device (switch in my case) you are ordering: LoggingIPserveur and that's ALL.

Make sure your firewall is not blocking and it should work.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

fdi01
Motivator
‎01-20-2015 04:38 AM

Ok so I found it was just the Windows firewall was blocking
For future that will have worries of configuration, here's what to do to recover syslogs:

  • On the Splunk server, you must listen to UDP port 514 by going Manager -> Data Inputs -> and click Add New to UDP. The minimum is complete the source type (Manual, syslog or From list, syslog).

  • On the device (switch in my case) you are ordering: LoggingIPserveur and that's ALL.

Make sure your firewall is not blocking and it should work.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎01-20-2015 12:38 AM

Give more details on where you're getting stuck. Did you configure the Cisco devices to actually send syslog to your Splunk server?

Reply
Solved! Jump to solution

fdi01
Motivator
‎01-20-2015 04:43 AM

thank you the essaieAyn
but I just found the solution to the problem was the firewall c

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...