https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24634#M3909 <P>Is that really the correct syntax on your Cisco device? Shouldn't it be "logging host 192.168.1.7"?</P> Wed, 08 May 2013 20:08:15 GMT Ayn 2013-05-08T20:08:15Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24629#M3904 <P>I configure syslog on my cisco router and switch, and I am no receiving any data into my splunk server. Yes I enable syslog on my devices and i enable port 514 on splunk server</P> <P>thanks</P> Sun, 05 May 2013 17:05:04 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24629#M3904 carcab 2013-05-05T17:05:04Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24630#M3905 <P>Did you enable TCP or UDP in the Splunk configuration? What level of logging did you choose for your cisco devices? what OS are you using for your splunk server? </P> Sun, 05 May 2013 17:55:52 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24630#M3905 Voltaire 2013-05-05T17:55:52Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24631#M3906 <P>Except Splunk is running as root/privileged user (not recommended), It would not listen on ports below 1024. Syslog uses UDP 514. You could also have your iptables redirect port 514 to a higher port which splunk can listen on.</P> Sun, 05 May 2013 23:43:49 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24631#M3906 seunomosowon 2013-05-05T23:43:49Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24632#M3907 <P>Maybe a kernel security, Did you checked this answer ?<BR /> <A href="http://splunk-base.splunk.com/answers/12876/splunk-running-on-my-linux-server-is-only-showing-me-events-from-my-local-subnet-what-is-going-on">http://splunk-base.splunk.com/answers/12876/splunk-running-on-my-linux-server-is-only-showing-me-events-from-my-local-subnet-what-is-going-on</A></P> Mon, 06 May 2013 06:58:37 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24632#M3907 yannK 2013-05-06T06:58:37Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24633#M3908 <P>I think the problem that I have is on my cisco devices configuration. If anyone can help me with this configuration, I will thank you. </P> <P>I am using windows 7 for Splunk server.</P> <P>I enable TCP and UDP in the Splunk configuration.</P> <P>On my cisco devices I configure them with this commands: #logging 192.168.1.7 this address is splunk server. </P> <P>On Splunk server: - Data Inputs UDP ( Listen on a UDP port for incoming data, e.g. syslog). <BR /> -New<BR /> -UDP port 514<BR /> -Set source type: From list<BR /> -Select source type from list: Syslog<BR /> -Save.<BR /> -What level of logging did you choose for your cisco devices? How to change the level of logging for you cisco device?<BR /> -Except Splunk is running as root/privileged ? How to run splunk as a root or privileged?</P> Wed, 08 May 2013 19:54:55 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24633#M3908 carcab 2013-05-08T19:54:55Z https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24634#M3909 <P>Is that really the correct syntax on your Cisco device? Shouldn't it be "logging host 192.168.1.7"?</P> Wed, 08 May 2013 20:08:15 GMT https://community.splunk.com/t5/Getting-Data-In/syslog-is-not-working/m-p/24634#M3909 Ayn 2013-05-08T20:08:15Z