Solved: Why aren't the logs coming in from a Linux server

test_qweqwe · ‎11-28-2017

I have 4 Linux servers in Forwarder Management (all of them callback) and I am collecting logs from auditd.
All of the 4 linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.

What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?

test_qweqwe · ‎11-28-2017

The problem was that one linux was in another subnet without access to the heavy forwarder.

View solution in original post

test_qweqwe · ‎11-28-2017

The problem was that one linux was in another subnet without access to the heavy forwarder.

lfedak_splunk · ‎11-28-2017

Hey @test_qweqwe, Can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂

test_qweqwe · ‎11-28-2017

Hello, @lfedak!
I did as you said.

P.S. Nice to see you again in my questions 😄

Why aren't the logs coming in from a Linux server

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All