Hello,
I am currently training on centralizing log analysis and I find myself stuck. I was able to get data from a Windows server onto my Splunk server. However, I have tried by every means to retrieve syslogs from a Cisco switch and router, but I cannot. I have configured Splunk to listen on port 514, but nothing happens...
Last note, my Splunk forwarder is installed on Windows 7.
Thank you for your answers
OK, so I found it was just the Windows firewall that was blocking.
For future readers who have configuration trouble, here's what to do to retrieve syslogs:
On the Splunk server, you must listen on UDP port 514 by going to Manager -> Data Inputs and clicking Add New for UDP. At minimum, fill in the source type (Manual, syslog or From list, syslog).
On the device (a switch in my case), you enter the command: logging <server IP>, and that's ALL.
Make sure your firewall is not blocking the traffic and it should work.
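A way to check whether syslog datagrams reach the host at all, independent of Splunk, which separates a firewall or device problem from a data-input problem. This is an added example, not part of the original post; the function names and the sample Cisco-style message are constructed for illustration.

```python
import socket

# RFC 3164 severity names, indexed by PRI % 8.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample in Cisco IOS style: PRI 189 = facility 23 (local7) * 8 + severity 5.
SAMPLE = b"<189>42: *Mar  1 00:05:12.345: %SYS-5-CONFIG_I: Configured from console by console"


def parse_pri(datagram: bytes):
    """Return (facility, severity, message), or None if the <PRI> header is invalid."""
    end = datagram.find(b">", 1, 5)  # PRI is one to three digits
    if not datagram.startswith(b"<") or end == -1 or not datagram[1:end].isdigit():
        return None
    pri = int(datagram[1:end])
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return pri // 8, SEVERITIES[pri % 8], datagram[end + 1:].decode("utf-8", "replace")


def open_listener(host: str = "0.0.0.0", port: int = 514) -> socket.socket:
    """Bind a UDP socket where the syslog input would listen."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def wait_for_syslog(sock: socket.socket, timeout: float = 30.0):
    """Wait for one datagram; return (sender_ip, parsed) or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (sender_ip, _port) = sock.recvfrom(4096)
    except socket.timeout:
        return None
    return sender_ip, parse_pri(data)


def send_test(host: str, port: int = 514, message: bytes = SAMPLE) -> None:
    """Send one syslog datagram, e.g. from another machine on the switch's subnet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message, (host, port))


if __name__ == "__main__":
    # Run on the Splunk host with the UDP input disabled, so the port is free to bind.
    result = wait_for_syslog(open_listener())
    print(result or "No datagram in 30 s: check the firewall and the device's logging target")
```

If the listener receives the device's messages but Splunk shows nothing, the problem is in the data input; if nothing arrives, it is on the network path or in the host firewall.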
Give more details on where you're getting stuck. Did you configure the Cisco devices to actually send syslog to your Splunk server?
Thank you for the attempt, Ayn,
but I just found the solution to the problem was the firewall c