Security

Noob - Evaluation Setup MailFoundry

nowdata
New Member

I'm evaluating splunk specifically to work with MailFoundry syslogs. I have splunk setup and it's reading local logs, no problem. Problem: can't get it grab files from the remote MailFoundry server. Semi-clueless MailFoundry support tell me that the appliance uses UDP port 514 for syslog output. This port is open between the machines, but I'm getting the error:

"Encountered the following error while trying to save: In handler 'udp': Parameter name: UDP port 514 is not available.

I get the same error when trying TCP 25.

Any advice? Any MailFoundry users?

Tags (1)
0 Karma

_d_
Splunk Employee
Splunk Employee

Nowdata,

Two possible reasons:

  1. It is very likely that Splunk is not able to use port 514 because it may be already in use by another process. Check the system and inspect it for any services that are listening on that port and disable them (perhaps this is a syslog process).
  2. If you are running splunk as a non-root user in Linux (or any UNIX-like system, in general) then you can't have it listen on a trusted port (trusted ports are ports <1024). The general recommendation here is to run splunk as root or have it listen on different port (ex. 5514).

Hope this helps.

> please upvote and accept answer if you find it useful - thanks!

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...