Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Printer logs

aleksandarrrc
Explorer
‎10-15-2012 12:25 AM

Hello,
Is there any manual, where i can see how to collect print logs from remote machine?
The printer from which i have to collect event logs is Lexmark X464 de.

Edit:
I configured Lexmark to send audit logs, to ip of the machine where Splunk is installed. I also configured syslog UDP port in SplunkWeb but it still don't collect event logs from printer.
Is there at least any command in cmd to test connections between printer and Splunk.
Thanks in advance.

Last Edit:
Sry for the question, problem solved!

Tags (1)
0 Karma
Reply

tskinnerivsec
Contributor
‎10-16-2012 03:55 AM

I know you solved your issue, but the best way to test your connection between the printer and the splunk instance would be to use tcpdump if it is a linux system (tcpdump -i eth0 (or whatever your interface name is) port 514 (or whatever port you are sending syslog to). If splunk was running on a windows computer, you could use a tool like wireshark to listen for the syslog traffic. If you see the traffic and still didn't see it in your instance, I would check the host based firewall. Anti-virus shouldn't have anything to do with it.

0 Karma
Reply

Drainy
Champion
‎10-16-2012 03:59 AM

In this case the packets were still arriving on the computer but a software firewall was playing up after a botched uninstall and was still blocking them, there was quite a bit of troubleshooting yesterday in the IRC channel 🙂

0 Karma
Reply

aleksandarrrc
Explorer
‎10-16-2012 01:40 AM

The solution was to make sure, that both firewall and Antivirus are turned off.

0 Karma
Reply

aleksandarrrc
Explorer
‎10-16-2012 03:45 AM

That is certainly, more precise answer 🙂

Reply

Drainy
Champion
‎10-16-2012 01:44 AM

Well, I wouldn't neccessarily say turn off the antivirus, just be sure that it isn't interfering with Splunks operation and that any built in firewall has exceptions for your ports. As I understand it you just had a botched install/uninstall which isn't quite the same as needing both off 🙂

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...