Why aren't the logs coming in from a Linux server

test_qweqwe
Builder

I have 4 Linux servers in Forwarder Management (all of them callback) and I am collecting logs from auditd.
All 4 of the Linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.

What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?

test_qweqwe
Builder

The problem was that one Linux server was in another subnet without access to the heavy forwarder.

lfedak_splunk
Splunk Employee

Hey @test_qweqwe, can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂

test_qweqwe
Builder

Hello, @lfedak!
I did as you said.

P.S. Nice to see you again in my questions 😄
