Sorry for the new post, but the system seems to not let me add in comments on the original one.
OK, so I have now rebuilt my production machine a second time with Debian 6.0.6 and Splunk 5.0.2. I have configured my ASA5510 to send Syslog data through TCP/1470 (originally done for test machine and it worked). I have configured Splunk to accept Syslog data through TCP/1470, but again no data is coming in. I have checked the Netstat in Debian and the following is reported:
Protocol – TCP, IP Source – 0.0.0.0, Port/Service – 1470, Status – Listen
Can somebody tell me if this is the proper configuration? I assume it is because I have done nothing different with respect to the Debian install between the original test box and the production box. The only difference I can see in the two is that the test box was using Splunk 5.0.1.
I am not overly familiar with Linux and Splunk, so any help would be appreciated.