https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/543727#M4870 <P>Hi,</P><P>Is the server is red hat or Ubuntu?</P><P>Can you check is there any extension after messages like mesages.log?</P><P>Is there any error in splunkd.log?</P><P>If everything is right can you remove the blacklist and&nbsp;<SPAN>ignoreOlderThan from the stanza and restart the forwarder and check again.&nbsp;</SPAN></P> Sun, 14 Mar 2021 12:40:41 GMT Vardhan 2021-03-14T12:40:41Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/543723#M4869 <P>&nbsp;</P><P>I am not receiving the <STRONG>/var/log/messages</STRONG> from linux server.&nbsp; I have written the stanza to monitored the <STRONG>var/log/massages</STRONG> in inputs.conf , Although receiving the <STRONG>var/log/audit.lo</STRONG>g and /<STRONG>var/log/secure.log,</STRONG> also given the read permission to splunk user for <STRONG>var/log</STRONG>&nbsp;directory .&nbsp; And&nbsp; mesage logs are generating continuously&nbsp; at the remote side but still not receiving message logs.&nbsp;</P><P>[monitor:///var/log/messages]<BR />disabled = 0<BR />index = linux<BR />blacklist = .*csv$<BR />ignoreOlderThan = 1d</P> Sun, 14 Mar 2021 12:01:21 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/543723#M4869 Pavankumar 2021-03-14T12:01:21Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/543727#M4870 <P>Hi,</P><P>Is the server is red hat or Ubuntu?</P><P>Can you check is there any extension after messages like mesages.log?</P><P>Is there any error in splunkd.log?</P><P>If everything is right can you remove the blacklist and&nbsp;<SPAN>ignoreOlderThan from the stanza and restart the forwarder and check again.&nbsp;</SPAN></P> Sun, 14 Mar 2021 12:40:41 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/543727#M4870 Vardhan 2021-03-14T12:40:41Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545260#M4923 <P>I am facing this issue on Linux machine (red hat and centos )</P><P><SPAN>there any&nbsp; no extension after messages</SPAN></P> Thu, 25 Mar 2021 05:48:53 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545260#M4923 Pavankumar 2021-03-25T05:48:53Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545316#M4924 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/232468">@Pavankumar</a>&nbsp;,</P><P>1)Can you run the command <STRONG>./splunk list inputstatus</STRONG> and check the status for /var/log/messages</P><P>2) Is there any error in Splunkd.log?</P><P>go to /opt/splunkforwarder/var/log/splunk</P><P>cat splunkd.log | grep -i error&nbsp; &nbsp; &nbsp;(check for any errors)</P><P>3)Did u restarted the forwarder after deploying the config? And did u check the permissions are the same for /var/log/secure and /var/log/messages?</P><P>&nbsp;</P> Thu, 25 Mar 2021 10:01:31 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545316#M4924 Vardhan 2021-03-25T10:01:31Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545344#M4925 <P>If you are running UF as splunk user you should check that this user has read access to this (and other needed logs). Quite often those needs to grant separately.</P> Thu, 25 Mar 2021 10:59:50 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/545344#M4925 isoutamo 2021-03-25T10:59:50Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/546325#M4948 <P>I have receiving log through host name in some servers messages.log not receiving <SPAN>&nbsp;Although receiving the&nbsp;</SPAN><STRONG>var/log/audit.lo</STRONG><SPAN>g and /</SPAN><STRONG>var/log/secure.log</STRONG></P><P>but in some server facing issue like&nbsp; if the host name is for example "<STRONG>test.ab.co.in</STRONG> " when checking log though&nbsp;<STRONG> host=&nbsp;test.ab.co.in&nbsp;</STRONG>then received&nbsp;<STRONG>var/log/audit.lo</STRONG><SPAN>g and /</SPAN><STRONG>var/log/secure.log.&nbsp; Not receiving&nbsp; Messages log .&nbsp; But&nbsp;</STRONG>when searching&nbsp; <STRONG>host=test&nbsp; then I can receiving Messages log..</STRONG></P> Thu, 01 Apr 2021 05:36:14 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/546325#M4948 Pavankumar 2021-04-01T05:36:14Z https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/546398#M4950 <P>Hi</P><P>what you will get with commands hostname and uname -a ?</P><P>you could add host = &lt;your hostname&gt; to inputs.conf if needed.</P><P>r. Ismo</P> Thu, 01 Apr 2021 16:55:42 GMT https://community.splunk.com/t5/Monitoring-Splunk/I-not-receiving-var-log-messages-from-the-Linux-Server/m-p/546398#M4950 isoutamo 2021-04-01T16:55:42Z