https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79782#M16397 <P>Thanks for the quick response, I only see:</P> <P>[System]<BR /> UDP 0.0.0.0:514 <EM>:</EM><BR /> Splunkd</P> <P>Strangely, I could add it via the command line with:</P> <P>C:\Program Files\Splunk\bin&gt;splunk add udp 514 -sourcetype syslog<BR /> Listening for UDP input on port 514.</P> <P>C:\Program Files\Splunk\bin&gt;splunk list udp<BR /> Listening for input on the following UDP ports:<BR /> 514<BR /> 51414</P> <P>And the port appears in the GUI. If I then delete from the GUI I can then re-add it - odd!</P> Wed, 02 Oct 2013 13:47:07 GMT jslater 2013-10-02T13:47:07Z https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79780#M16395 <P>Hi All,</P> <P>I've installed Splunk on a Windows 2008R2 server and am trying to get it to receive syslog messages on the default UDP 514 port. Adding this in via Data Inputs results in "UDP port 514 is not available" which I have seen means it's already pre-defined, and is backed up by messages in the log:</P> <P>10-02-2013 13:37:38.017 +0100 ERROR AdminManager - Parameter name: UDP port 514 is not available.<BR /> 10-02-2013 13:50:30.488 +0100 INFO TcpInputConfig - IPv4 port 514 is reserved for raw input</P> <P>However, Splunk is not receiving anything over this port. I have confirmed this is open/working by downloading another open source syslog receiver on the same server, &amp; this is quite happily receiving syslog messages from my test clients.</P> <P>Similar questions posed have all been Linux related, is there anything special that needs to be done on a Windows server?</P> <P>Thanks.</P> Wed, 02 Oct 2013 13:16:23 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79780#M16395 jslater 2013-10-02T13:16:23Z https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79781#M16396 <P>Sounds like port 514 is already in use on the windows server. Can you validate ports in use by which processes via netstat -b -a.</P> Wed, 02 Oct 2013 13:37:24 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79781#M16396 sdaniels 2013-10-02T13:37:24Z https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79782#M16397 <P>Thanks for the quick response, I only see:</P> <P>[System]<BR /> UDP 0.0.0.0:514 <EM>:</EM><BR /> Splunkd</P> <P>Strangely, I could add it via the command line with:</P> <P>C:\Program Files\Splunk\bin&gt;splunk add udp 514 -sourcetype syslog<BR /> Listening for UDP input on port 514.</P> <P>C:\Program Files\Splunk\bin&gt;splunk list udp<BR /> Listening for input on the following UDP ports:<BR /> 514<BR /> 51414</P> <P>And the port appears in the GUI. If I then delete from the GUI I can then re-add it - odd!</P> Wed, 02 Oct 2013 13:47:07 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79782#M16397 jslater 2013-10-02T13:47:07Z https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79783#M16398 <P>Various things on the internet suggest that Windows XP SP2 and newer may actually be sane and require certain privileges to be able to a bind/listen on a port &lt; 1024. Does the user running the Splunk service have administrative privileges on the server?</P> Mon, 07 Oct 2013 22:10:51 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-not-receiving-syslog-messages/m-p/79783#M16398 dwaddle 2013-10-07T22:10:51Z