Deployment Architecture
Highlighted

Collect logs from remote hosts

New Member

Hi,

How can you collect Logs that are located on different machines with splunk?

We have to collect text-based log files written by our software components (log4j, log4net).

Kind Regards, Salem

Tags (3)
0 Karma
Highlighted

Re: Collect logs from remote hosts

Motivator

Hello

If you had access to that hosts, and you can install an agent on them, then the best way is to use the Splunk Universal Forwarder and configure it to monitor the logs you want to index. Please reffer to:

http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Aboutforwardingandreceivingdata

Regards

Highlighted

Re: Collect logs from remote hosts

New Member

To successfully collect event logs from remote Windows host(s), you have to enable the following inbound firewall rules on the remote Windows host(s):
Windows Management Instrumentation (Async-In)
Windows Management Instrumentation (WMI-In)
Windows Management Instrumentation (DCOM-In)

Also, enable Remote Enable in WMI's Properties on the remote Windows host(s):
1. Open Computer Management and expand Services and Applications.
2. Right-click WMI Control and click Properties.
3. Click the Security tab then click the Security button.
4. Under Group or user names, select/highlight Authenticated Users.
5. Under Permissions, check the box for Remote Enable.
6. Click OK on this dialogue box and the Properties dialogue box to finish.

You should now be able to remotely collect event logs on this Windows computer with WMI. These settings have been verified on Win XP/7/8/and 10 and should be no different for any/future Win OS versions and should be doable via Group Policy for an entire network of computers.

0 Karma