
Why aren't the logs coming in from a Linux server

Builder

I have 4 Linux servers in Forwarder Management (all of them call back) and I am collecting logs from auditd.
All 4 Linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.

What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?


Re: Why aren't the logs coming in from a Linux server

Splunk Employee

Hey @test_qweqwe, Can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂


Re: Why aren't the logs coming in from a Linux server

Builder

Hello, @lfedak!
I did as you said.

P.S. Nice to see you again in my questions 😄


Re: Why aren't the logs coming in from a Linux server

Builder

The problem was that one Linux server was in another subnet without access to the heavy forwarder.
