Getting syslogs from Avamar

gcusello · ‎05-23-2017

Hi at all,
I'm trying to get Avamar logs by syslog (UDP).
The problem is that every time Avamar sends an event log, I don't receive in Splunk the last event, but the previous; to have the last event Avamar has to generate a new event.
In other words there is a queue problem.
I need to understand if the problem is Avamar (probably but I'm not sure) or splunk configuration.
In the second case, it'a a problem of mine!
Has anyone encountered this problem?

Thank you in advance.
Bye.
Giuseppe

nabeel652 · ‎07-18-2017

Best way to get logs from Avamar is to get data from it's back-end PostgreSQL database using DB-Connect or custom scripts. That's how we are doing it.

ansif · ‎06-26-2019

@nabeel652 : Could you please let me know the steps required for this integration.

gcusello · ‎06-26-2019

Hi nabeel652,
I'm not so sure about the problem because I had it two years ago and I didn't solved it!
Anyway, I activate syslogs on Avamar and I received them in Splunk, no particular activities.
Bye.
Giuseppe

ansif · ‎06-26-2019

@gcusello : Just checking with @nabeel652 on his comment on best way from postgresSQL.

aaggarwal99 · ‎07-16-2020

Hello, Can somebody share more details on integrations with Avamar.

Getting syslogs from Avamar

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!