Need some help here, sure you guys are really.
Write me with some insight on how I can use containers better.
Get the logs from Firewall > Synology > Docker Container[splunk-splunk]
Logs are being sent out from origin: syslog server
Created an entry in the syslog server to send messages to IP:6515 (Synology DSM)
Modified port settings at Docker to have a Local port:6515 | Container port:9997
Docker bridge displays auto subnet 172.17.0.0/16 with gateway 172.17.0.1
At this moment I can access the Splunk web GUI under localhost:8000 with no problem; I see "ALL" logs tagged with a sourcing IP of 172.17.0.1, which belongs to the bridge gateway on the Docker driver.
If the desired goal is to monitor the logs from the syslog server in a more verbose manner, how would you guys advise configuring the receiving aspect of Docker (container/Splunk) to make this happen?
Log detail sample:
datezone = local
host = 172.17.0.1
process = filterlog
source = udp:9997
sourcetype = syslog
splunkserver = 039974fdab5a
timeendpos = 15
Similar question here:
Other resources previously reviewed on Splunk:
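Added example (not from the original post, Docker or Splunk): the three settings that decide which source address Splunk records for syslog arriving through a Docker port mapping, plus a small check over the `key = value` event fields pasted above. It assumes the poster's values (UDP input on container port 9997, host port 6515, bridge gateway 172.17.0.1) and that the Docker daemon config can be edited on the DSM host.

```shell
#!/bin/sh
# Assumed values taken from the post above.
BRIDGE_GW="172.17.0.1"

# Publish the host port to the container as UDP explicitly. A mapping written
# without "/udp" is TCP only, so UDP syslog would never reach the udp:9997 input.
docker_run_cmd() {
  printf 'docker run -d --name splunk -p 8000:8000 -p 6515:9997/udp splunk/splunk\n'
}

# With Docker's userland proxy enabled, docker-proxy receives UDP on the host
# and re-sends it from the bridge gateway, so the container only ever sees
# 172.17.0.1. Turning it off makes Docker use iptables DNAT instead, and the
# original sender address survives. (Written to /etc/docker/daemon.json;
# running the container with --network host is the other common way out.)
daemon_json() {
  printf '{\n  "userland-proxy": false\n}\n'
}

# Splunk UDP input (inputs.conf). connection_host = ip stores the sending
# address in the host field rather than a reverse-DNS name, which makes the
# masking visible at a glance in the events.
inputs_conf() {
  cat <<'EOF'
[udp://9997]
sourcetype = syslog
connection_host = ip
no_appending_timestamp = true
EOF
}

# Read "key = value" event fields from stdin (constructed sample in the test,
# same shape as the post) and report whether the host field is the bridge
# gateway, i.e. the real syslog source was lost. Prints "masked" (exit 1)
# or "ok" (exit 0).
check_host_field() {
  host=$(sed -n 's/^host = //p')
  if [ "$host" = "$BRIDGE_GW" ]; then
    echo masked
    return 1
  fi
  echo ok
  return 0
}
```

Searching Splunk for `source="udp:9997" host="172.17.0.1"` after the change should return nothing; if it still does, the daemon.json edit was not picked up and the proxy is still in the path.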