I think the problem that I have is in my Cisco device configuration. If anyone can help me with this configuration, I will be thankful.
I am using Windows 7 for the Splunk server.
I enabled TCP and UDP in the Splunk configuration.
On my Cisco devices, I configure them with this command: #logging 192.168.1.7 (this address is the Splunk server).
On the Splunk server:
-Data Inputs UDP (Listen on a UDP port for incoming data, e.g. syslog).
-New
-UDP port 514
-Set source type: From list
-Select source type from list: Syslog
-Save.
-What level of logging did you choose for your Cisco devices? How to change the level of logging for your Cisco device?
-Except Splunk is running as root/privileged? How to run Splunk as root or privileged?
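An added example, not part of the original post: a small parser for checking what severity the Cisco devices actually put on the wire to UDP 514, and whether a message of that severity would be forwarded at a given logging level. The sample datagrams are constructed, and the rule that a device forwards messages whose severity number is at or below the configured level is stated here as an assumption about the device, not something taken from the post.

```python
import re

# Syslog severity keywords; list index = numeric severity (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")                       # "<PRI>" header
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+)")  # %FACILITY-SEV-MNEMONIC

def parse_cisco_syslog(datagram: bytes) -> dict:
    """Decode the PRI header and the Cisco message tag from one UDP payload."""
    text = datagram.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    tag = TAG_RE.search(text)
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "mnemonic": f"{tag.group(1)}-{tag.group(3)}" if tag else None,
        "tag_severity": int(tag.group(2)) if tag else None,
    }

def sent_at_level(severity: int, configured_level: int) -> bool:
    """Assumption: messages with severity number <= configured level are sent."""
    return severity <= configured_level

# Constructed sample payloads (facility 23 = local7), not captured traffic.
SAMPLES = [
    b"<189>45: *Mar  1 00:05:12.003: %SYS-5-CONFIG_I: Configured from console by console",
    b"<187>46: *Mar  1 00:05:20.511: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    b"<191>47: *Mar  1 00:05:21.100: %DEBUG-7-EXAMPLE: constructed debug line",
]

def summarize(samples, configured_level):
    """Return (mnemonic, severity name, would-be-sent) for each payload."""
    rows = []
    for raw in samples:
        rec = parse_cisco_syslog(raw)
        rows.append((rec["mnemonic"], rec["severity_name"],
                     sent_at_level(rec["severity"], configured_level)))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLES, configured_level=6):
        print(row)
```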