https://community.splunk.com/t5/Getting-Data-In/retrieving-log-files-from-my-router/m-p/20924#M3080 <P>Everything depends on your router model. The normal way to collect log entries from a router is via syslog.</P> <P>There are two things you'll need to do:</P> <OL> <LI>Configure the router to send syslog data</LI> <LI>Configure Splunk to receive the data.</LI> </OL> <P>For Cisco routers, the command is: <B></B></P> <PRE><CODE>logging 172.16.1.20 </CODE></PRE> <P> Of course, replace the IP address with that of your Splunk server. There are plenty of <A href="http://articles.techrepublic.com.com/5100-10878_11-6084442.html" rel="nofollow">other</A> syslog references out there. For Juniper, <A href="http://www.juniper.net/techpubs/software/junos/junos55/swconfig55-getting-started/html/sys-mgmt-summary49.html" rel="nofollow">this</A> may help. Many home-class routers have an option to export syslog as well, typically buried under an "Advanced" menu somewhere.</P> <P>On the Splunk side, you can either <A href="http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports?r=searchtip" rel="nofollow">configure a Splunk listener</A> on port 514/udp, or you can configure your syslog server to write out to a file and index that. For the latter approach, here's how to <A href="http://answers.splunk.com/questions/8912/syslog-ng-filter-by-ip" rel="nofollow">configure using syslog-ng</A>. </P> <P>It's also possible to enable remote logging with <A href="http://www.enterprisenetworkingplanet.com/netos/article.php/3521481/Enhance-Security-with-a-Linux-Logging-Server.htm" rel="nofollow">other</A> syslog daemons, though you may lose some flexibility. On Windows, look for <A href="http://www.kiwisyslog.com/" rel="nofollow">Kiwi Syslog</A>.</P> Thu, 06 Jan 2011 08:57:46 GMT southeringtonp 2011-01-06T08:57:46Z https://community.splunk.com/t5/Getting-Data-In/retrieving-log-files-from-my-router/m-p/20923#M3079 <P>I'm a new user of splunk, (demo) I wanted to analyze data from my router. Do I have to modify any setting in my router in order to have the files forwarded to the splunk directory?</P> <P>Thanks</P> Thu, 06 Jan 2011 00:37:35 GMT https://community.splunk.com/t5/Getting-Data-In/retrieving-log-files-from-my-router/m-p/20923#M3079 arobinson 2011-01-06T00:37:35Z https://community.splunk.com/t5/Getting-Data-In/retrieving-log-files-from-my-router/m-p/20924#M3080 <P>Everything depends on your router model. The normal way to collect log entries from a router is via syslog.</P> <P>There are two things you'll need to do:</P> <OL> <LI>Configure the router to send syslog data</LI> <LI>Configure Splunk to receive the data.</LI> </OL> <P>For Cisco routers, the command is: <B></B></P> <PRE><CODE>logging 172.16.1.20 </CODE></PRE> <P> Of course, replace the IP address with that of your Splunk server. There are plenty of <A href="http://articles.techrepublic.com.com/5100-10878_11-6084442.html" rel="nofollow">other</A> syslog references out there. For Juniper, <A href="http://www.juniper.net/techpubs/software/junos/junos55/swconfig55-getting-started/html/sys-mgmt-summary49.html" rel="nofollow">this</A> may help. Many home-class routers have an option to export syslog as well, typically buried under an "Advanced" menu somewhere.</P> <P>On the Splunk side, you can either <A href="http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports?r=searchtip" rel="nofollow">configure a Splunk listener</A> on port 514/udp, or you can configure your syslog server to write out to a file and index that. For the latter approach, here's how to <A href="http://answers.splunk.com/questions/8912/syslog-ng-filter-by-ip" rel="nofollow">configure using syslog-ng</A>. </P> <P>It's also possible to enable remote logging with <A href="http://www.enterprisenetworkingplanet.com/netos/article.php/3521481/Enhance-Security-with-a-Linux-Logging-Server.htm" rel="nofollow">other</A> syslog daemons, though you may lose some flexibility. On Windows, look for <A href="http://www.kiwisyslog.com/" rel="nofollow">Kiwi Syslog</A>.</P> Thu, 06 Jan 2011 08:57:46 GMT https://community.splunk.com/t5/Getting-Data-In/retrieving-log-files-from-my-router/m-p/20924#M3080 southeringtonp 2011-01-06T08:57:46Z