
Why aren't the logs coming in from a Linux server?

test_qweqwe
Builder

I have 4 Linux servers in Forwarder Management (all of them callback) and I am collecting logs from auditd.
All of the 4 Linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.

What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?


test_qweqwe
Builder

The problem was that one Linux was in another subnet without access to the heavy forwarder.

lfedak_splunk
Splunk Employee

Hey @test_qweqwe, can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂

test_qweqwe
Builder

Hello, @lfedak!
I did as you said.

P.S. Nice to see you again in my questions 😄
