I have configured netscaler to to send logs over to splunk. I am receiving audit logs to splunk. I have used IPFIX addon to collect appflow logs from my netscaler, I have configured appflow collectors, actions and policies, but i am not able to receive any appflow information to my splunk instance. I am getting the below message in /opt/splunk/var/log/splunk/ipfix.log
CRITICAL pid=94058 tid=MainThread file=ModInput.py:stream_events:107 | Unable to bind [ipfix://appflow] XX.XX.XX.XX:1515
2018-04-12 09:27:16,368 CRITICAL pid=94058 tid=MainThread file=event_writer.py:log:120 | Traceback (most recent call last): || File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/splunklib/modularinput/script.py", line 74, in run_script || self.stream_events(self._input_definition, event_writer) || File "/opt/splunk/etc/apps/Splunk_TA_ipfix/bin/IPFIX/ModInput.py", line 105, in stream_events || s.bind((bind_host, bind_port)) || File "/opt/splunk/lib/python2.7/socket.py", line 228, in meth || return getattr(self._sock,name)(*args) || error: [Errno 99] Cannot assign requested address
my ipfix inputs.conf is as below
[ipfix://appflow]
address = XX.XX.XX.XX
buffer = 10485760
index = netscaler
port = 1515
interval = 300
I am getting data when i search for
sourcetype="citrix_netscaler"
I have audit logs coming on port 1514, Appflow is configured on 1515.
I have no information coming when I run the command
netstat -an | grep 1515
Any help is greatly appreciated.
Thank you.