Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why aren't the logs coming in from a Linux server

test_qweqwe
Builder
‎11-28-2017 02:24 AM

I have 4 Linux servers in Forwarder Management (all of them callback) and I am collecting logs from auditd.
All of the 4 linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.

What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

test_qweqwe
Builder
‎11-28-2017 11:26 PM

The problem was that one linux was in another subnet without access to the heavy forwarder.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

test_qweqwe
Builder
‎11-28-2017 11:26 PM

The problem was that one linux was in another subnet without access to the heavy forwarder.

0 Karma
Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎11-28-2017 03:21 PM

Hey @test_qweqwe, Can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂

Reply
Solved! Jump to solution

test_qweqwe
Builder
‎11-28-2017 11:28 PM

Hello, @lfedak!
I did as you said.

P.S. Nice to see you again in my questions 😄

Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top