I'm trying to understand how sending logs works.
Today I have a PHP app that receives logs from and sends them to Splunk.
But now, I need to change this for something that reads the logs and sends to improve performance. So I have found the Home Monitor. This seems very easy, but I'm very much a noob here.
My doubts are: how to configure this on my localhost to send to a remote Splunk host? And how to do this on my Windows (local) and Linux (staging, QA and prod)?
I'm sorry if I'm asking for too much, but any tip will be very helpful.
Hey there, I can try and help you out with your questions. First, the Home Monitor app was designed to take data from home routers and firewalls to show network traffic statistics such as blocked traffic from what IPs, etc. What kind of logs are you sending from your PHP app? How are they formatted? Can you supply a sample event? I'll see what I can do to help out, but it should be easy to send you in the right direction.
Here's the concept with your scenario:
To send data from your app, install a Splunk Forwarder on your Windows or Linux machines (http://www.splunk.com/en_us/download/universal-forwarder.html). Once they have been installed, then simply monitor the log file and have it send into the Home Monitor app on your Splunk enterprise machine.
Since I don't have any concrete sample data or any other settings, I can only speculate that your system will have a log type that the app will recognize by default.
There are other resources that can help with setting up your app, they include the Home Monitor App wiki on git: https://github.com/amiracle/homemonitor/wiki/1---Setup-home-%7C-monitor-app-for-Splunk and my blog posts: http://amiracle19.blogspot.com especially around troubleshooting: http://amiracle19.blogspot.com/2015/09/troubleshooting-home-monitor-app.html.
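The forwarder setup described in the answer above, sketched as configuration files. This is an added example, not part of the original reply and not taken from the Home Monitor app; the log paths, the `php_app` sourcetype, the `main` index, the `primary_indexers` group name, the host `splunk.example.com` and the receiving port 9997 are assumptions to replace with your own values.

```ini
# --- Universal Forwarder on Linux (staging, QA, prod) ---
# File: /opt/splunkforwarder/etc/system/local/inputs.conf
# The monitored path below is a hypothetical location for the PHP app's log.
[monitor:///var/log/myapp/app.log]
sourcetype = php_app
index = main
disabled = false

# --- Universal Forwarder on Windows (local) ---
# File: C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf
# Hypothetical Windows path for the same application log.
[monitor://C:\logs\myapp\app.log]
sourcetype = php_app
index = main
disabled = false

# --- Universal Forwarder, both platforms ---
# File: <forwarder home>/etc/system/local/outputs.conf
# Sends everything the forwarder collects to the remote Splunk host.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Placeholder host name and assumed receiving port.
server = splunk.example.com:9997

# --- Splunk Enterprise machine (receiving side) ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Opens the port that the forwarders connect to; it must match the
# port used in the forwarders' outputs.conf.
[splunktcp://9997]
disabled = false
```

Restart the forwarder after editing these files, and limit the receiving port on the Splunk host to the forwarders' addresses rather than exposing it broadly.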
Using FIOS Quantum router... remote administration says port 443/8443. I added these UDP ports (via clone) but still no data input coming into Splunk. Please advise.
That port is not related to the Home Monitor App. Those ports are used to log into the router from remote locations. I would strongly advise against opening those ports. The port that the Splunk server should listen in on is UDP 514 (syslog).
It would be helpful if you updated your directions for Quantum router and latest version of your app... Newbies like me can't get data into Splunk.
I would need to do some research on setting up this router. Let me ask you some questions about the router. Does it have a setting for sending syslog data?
Yes, it has some areas very similar to the router you used in your YouTube video. I can send you some screenshots of my settings if that would be helpful. Send me an email address please or write me at email@example.com