I am running Splunk on Windows 7 64-bit and configured data adapters for syslog on TCP and UDP. I can see via Wireshark that syslog is making it to the main interface, Splunk is listening on 0.0.0.0:514, but I do not see any logs at all in Splunk, and I verified splunkd is listening and I verified traffic is making it to the Win7 server.
For Windows 7 you actually have to have the firewall on, not disabled, and create a rule allowing syslog traffic.
Took me way too long to figure that out, but hey, at least the next guy will know, right?
This works now.
0.0.0.0 indicates that it's listening on all network adapters.
I used Wireshark on Windows 7 to see the syslog via the 192.168.x.x interface. Windows firewall is off by default, as this is within a closed subnet.
Most of the time, you have to disable or configure the firewall on Windows 7.
What did you do to ascertain that your syslog traffic was making it to the Windows 7 desktop?
So this was my thought as well, but I do not see any logs at all in Splunk and I verified splunkd is listening and I verified traffic is making it to the Win7 server.
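The fix reported in the thread (firewall on, with a rule allowing syslog), written out as an added example that is not part of the original posts. The rule names and the `localsubnet` source scope are assumptions; narrow the scope to the actual sender addresses where they are known.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Windows 7 Splunk host.
$Port    = 514            # syslog port from the thread
$Sources = "localsubnet"  # assumption: syslog senders sit on the local subnet

# 1. Make sure the Windows Firewall service (MpsSvc) is running rather than stopped.
$svc = Get-Service -Name MpsSvc
"Windows Firewall service status: {0}" -f $svc.Status
if ($svc.Status -ne "Running") {
    Set-Service -Name MpsSvc -StartupType Automatic
    Start-Service -Name MpsSvc
}

# 2. Turn the firewall profiles on and show their state.
#    Other inbound services on this host will then need their own allow rules.
netsh advfirewall set allprofiles state on
netsh advfirewall show allprofiles state

# 3. Allow inbound syslog on UDP and TCP, limited to the expected senders.
#    Deleting first keeps the script safe to re-run without stacking duplicate rules.
foreach ($proto in "UDP", "TCP") {
    $rule = "Splunk-syslog-$proto-$Port"   # constructed rule name
    netsh advfirewall firewall delete rule name=$rule | Out-Null
    netsh advfirewall firewall add rule name=$rule dir=in action=allow `
        protocol=$proto localport=$Port remoteip=$Sources profile=any
}

# 4. Confirm the rules exist and that splunkd is still bound to the port.
foreach ($proto in "UDP", "TCP") {
    netsh advfirewall firewall show rule name="Splunk-syslog-$proto-$Port"
}
netstat -ano | Select-String ":$Port\s"
```

A packet capture on the host only shows that traffic reached the interface, so after applying the rules, confirm delivery by searching Splunk for a fresh test event from one of the senders.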