Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is Syslog not listening to port 6514?

debjit_k
Path Finder
‎08-16-2022 06:42 AM

There is a scenario like one of our trend micro DDA is not reporting to our syslog server.

Why it is not reporting 

Previously we use port 514 and now we are using port 6514 but 6514 is not reporting to syslog. And we want both the listening port 514 and 6514.

My question 

1. Can we have both the port open on our syslog I.e. 514 and 6514 

2. How to enable the port listing on our syslog for the port 6514 

 

Thank you 

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-16-2022 07:12 AM

Hi @debjit_k,

are you speaking of enabling a port syslog receiving in Splunk or using a different system (e.g. r-syslog)?

if you are speaking of Splunk syslog receiving, you can enable on Splunk al the ports you like, but only the ones permitted by your operative system.

If a port is already in use, you have an error in Splunk, but it's configurable by conf file instead by GUI.

So the real questions are:

  • can the Operative system of the receiver use the 6514 port?
  • can the sender send logs on port 6514?

As you can see the question isn't more on Splunk, but outside it.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...