https://community.splunk.com/t5/Getting-Data-In/Trouble-getting-data-to-indexer-from-fortigate/m-p/306631#M93671 <P>I am not getting data to my indexer(centos) from fortigate firewall. Port 514 is open but i am unable to telnet. Is there any config file i need to edit to receive data?</P> Wed, 29 Nov 2017 05:36:29 GMT jibin1988 2017-11-29T05:36:29Z https://community.splunk.com/t5/Getting-Data-In/Trouble-getting-data-to-indexer-from-fortigate/m-p/306631#M93671 <P>I am not getting data to my indexer(centos) from fortigate firewall. Port 514 is open but i am unable to telnet. Is there any config file i need to edit to receive data?</P> Wed, 29 Nov 2017 05:36:29 GMT https://community.splunk.com/t5/Getting-Data-In/Trouble-getting-data-to-indexer-from-fortigate/m-p/306631#M93671 jibin1988 2017-11-29T05:36:29Z https://community.splunk.com/t5/Getting-Data-In/Trouble-getting-data-to-indexer-from-fortigate/m-p/306632#M93672 <P>Hi @jibin1988,</P> <P>Please refer <A href="https://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitornetworkports">https://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitornetworkports</A> for configuration of UDP port on splunk indexer side but you need to keep in mind that if you are running splunk with any user (except root) then splunk will not able to occupy 514 port because only root user can access ports below 1024 in this case either you need send UDP traffic on &gt;1024 from fortigate or you need to do configuration in iptables to map port &lt;1024 with port &gt;1024. </P> <P>I hope this helps.</P> <P>Thanks,<BR /> Harshil</P> Wed, 29 Nov 2017 09:31:45 GMT https://community.splunk.com/t5/Getting-Data-In/Trouble-getting-data-to-indexer-from-fortigate/m-p/306632#M93672 harsmarvania57 2017-11-29T09:31:45Z