Deployment Architecture

Networking with splunk- sending logs from personal router to AWS

navarone0161
Explorer

I'm trying to send logs from my personal router to an AWS instance with Splunk capability. If there is a way I can do this from the CLI, I need help.

0 Karma

gcusello
SplunkTrust

Hi @navarone0161,

I fully agree with @PickleRick: it isn't a good idea to send raw logs over the Internet, and there are many ways to do this that depend on your architecture.

Do you have other data sources that send logs to your AWS Splunk instance?

If yes, you should use a Heavy Forwarder as a concentrator to take the logs from all your syslog data sources and concentrate the logs from the other Universal Forwarders; then you can send all those logs to your Splunk instance on AWS.

This way you open as few connections as possible between your infrastructure and the Internet, and in addition you're using an encrypted connection.

If instead you have syslogs from only one appliance, I still discourage sending raw logs over the Internet; you should put a local instance of Splunk to receive the logs and forward them to your Cloud instance.

Ciao.

Giuseppe

0 Karma

navarone0161
Explorer

"you should use a Heavy Forwarder as a concentrator to take the logs from all your syslog data sources and concentrate the logs from the other Universal Forwarders; then you can send all those logs to your Splunk instance on AWS"

Can you help me with the steps, please, using a new-gen Spectrum router?

0 Karma

gcusello
SplunkTrust

Hi @navarone0161,

I don't know this kind of router, but anyway the first thing you need is a machine that works as a Heavy Forwarder; then the steps are the following:

  • on the HF, enable Forwarding to the address of the Indexers on AWS [Settings -- Forwarding and Receiving -- Forwarding],
  • on the HF, enable a Network input in [Settings -- Input -- Network Input],
  • on the HF, add the requested information (protocol, port and, optionally, source IP),
  • on the router, enable syslog sending using the IP address of the HF and the protocol and port that you configured on the HF.

Ciao.

Giuseppe

0 Karma
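The Heavy Forwarder side of the steps above, done from the CLI as the OP asked, as an added example that is not part of Giuseppe's post and not Splunk's own code. It writes the two files the Web UI steps would produce, outputs.conf (forwarding to AWS over TLS, with server certificate verification) and inputs.conf (a network input that only accepts the router's address), into $SPLUNK_HOME/etc/system/local and restarts the HF. The indexer name, the router's LAN address, port 1514/tcp, the certificate paths and the sslPassword value are assumptions to replace with your own; the router-side syslog setting is not shown because the thread does not know that router's menus.

```shell
#!/bin/sh
# Added example, not from the thread: apply the HF configuration from the CLI.
# Assumed values (override via environment before running with "apply"):
#   INDEXER     - assumed name of the Splunk receiver on AWS (port 9997)
#   ROUTER_IP   - assumed LAN address of the router; only this source is accepted
#   SYSLOG_PORT - assumed listen port on the HF (1514/tcp avoids a privileged port)
INDEXER="${INDEXER:-splunk-idx.example.internal:9997}"
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
SYSLOG_PORT="${SYSLOG_PORT:-1514}"
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# outputs.conf: everything the HF receives is forwarded to AWS over TLS.
# sslVerifyServerCert=true makes the HF refuse a receiver whose certificate is
# not signed by the CA in sslRootCAPath, so raw syslog never crosses the
# Internet in the clear. Certificate paths and the password are placeholders.
render_outputs_conf() {
  indexer="$1"
  cat <<EOF
[tcpout]
defaultGroup = aws_indexers

[tcpout:aws_indexers]
server = ${indexer}
useACK = true
sslRootCAPath = \$SPLUNK_HOME/etc/auth/ca.pem
clientCert = \$SPLUNK_HOME/etc/auth/hf-client.pem
sslPassword = CHANGE-ME-placeholder
sslVerifyServerCert = true
EOF
}

# inputs.conf: the [tcp://<remote host>:<port>] stanza form restricts the
# listener to one source address, which is the "source IP" step above.
render_inputs_conf() {
  router_ip="$1"
  port="$2"
  cat <<EOF
[tcp://${router_ip}:${port}]
sourcetype = syslog
connection_host = ip
disabled = 0
EOF
}

# Write both files and restart so the HF picks up the new target and listener.
install_conf() {
  local_dir="$SPLUNK_HOME/etc/system/local"
  mkdir -p "$local_dir"
  render_outputs_conf "$INDEXER" > "$local_dir/outputs.conf"
  render_inputs_conf "$ROUTER_IP" "$SYSLOG_PORT" > "$local_dir/inputs.conf"
  "$SPLUNK_HOME/bin/splunk" restart
}

# Usage: INDEXER=my-idx:9997 ROUTER_IP=192.168.1.1 sh hf_setup.sh apply
if [ "${1:-}" = "apply" ]; then
  install_conf
fi
```

The same inputs.conf stanza works unchanged on a Universal Forwarder, which is the point PickleRick makes further down: a UF is enough just to receive syslog. Keep the network input on a LAN address and let only the TLS-forwarding port reach the AWS receiver from your egress.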

navarone0161
Explorer

,

0 Karma

navarone0161
Explorer

I'm using 8.2.6

0 Karma

navarone0161
Explorer

Thanks, you're awesome

0 Karma

gcusello
SplunkTrust

Hi @navarone0161,

Good for you, see you next time!

Please accept one answer for the other people of the Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

PickleRick
SplunkTrust

To receive syslogs a Universal Forwarder would suffice. But we don't even know if the "personal router" the OP mentioned does syslog. We assumed it does so because most network appliances do.

0 Karma

navarone0161
Explorer

Can you please provide me with steps on how to do this from a new Spectrum router?

0 Karma

PickleRick
SplunkTrust

There are several possibilities, of which the most extreme and most discouraged is to send raw syslog over the Internet.

It depends on the source and your overall architecture.

0 Karma

navarone0161
Explorer

It's a one-time class assignment, I really need help.

0 Karma

yeasuh
Community Manager

Hello navarone0161, thank you for participating in the Splunk Community.

It could help our volunteer users to guide you if you provided more details on your assignment and where you are getting stuck.


0 Karma