Getting Data In

After setting up forwarders and trying to set a new data source in Splunk Cloud, why am I receiving the following error: "UDP port 514 is not available"?

infosoftcomet
New Member

Hi,

I'm using Splunk Cloud edition. I've set up the forwarders on a freshly installed Windows 2012 R2.

So, when I try to set a new (first one) data source, I receive the error "UDP port 514 is not available". But the server doesn't have any syslog installed.

Thanks.

0 Karma

rehxfnek
New Member

The storage of syslog information, or, in other words, a log administration and accessibility point of view. Since the information is being logged locally, a Splunk all inclusive forwarder can be introduced on the Syslog authority and forward the information to Splunk indexers. Install Syslog in your laptop without facing Error Code 0xc0000185 and send Syslog data to a server (or servers) functioning.

0 Karma

FrankVl
Ultra Champion

If you are sure there is no other process already using that port, it is probably a firewall or permissions issue that prevents the Splunk process from using that port.

Any particular reason why you are running your forwarders on Windows? Especially for syslog data, it is usually recommended to use a Linux server, with a syslog daemon on it that receives the data, writes it to disk and then install a forwarder on that same box to read those syslog files and send them to your indexer(s).

0 Karma

infosoftcomet
New Member

OK, but if Splunk says that syslog is possible on Windows, I don't know why I need to switch to Linux. It is better if they say that they have problems with the forwarders on Windows.

Marco

0 Karma

FrankVl
Ultra Champion

I'm not saying it is not possible, just that it is not the typically recommended way of doing things.

It should definitely be possible to get your Windows-hosted forwarder listening on port 514. You just need to figure out why it is being blocked and then fix that. If you are sure that it is not another process that is listening on that port already, my guess is Windows Firewall or some permissions issue.
I personally haven't seen this error before, so I don't have more concrete suggestions for fixing it (although I do vaguely recall reading about this sort of issue before here on Answers).

0 Karma
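
A small probe for the two causes named in the answer above (the port already held by another process versus the account not being permitted to bind it), added here as an example and not part of any post in this thread. The function names are hypothetical, and it assumes a Python 3 interpreter is available on the forwarder host.

```python
import errno
import socket


def classify_bind_error(exc):
    """Map an OSError raised by bind() to a likely cause."""
    # Python maps EADDRINUSE to the platform value (WSAEADDRINUSE on Windows).
    if exc.errno == errno.EADDRINUSE:
        return "in_use"
    # EACCES / WinError 10013 surfaces as PermissionError. On Windows this can
    # also mean another process holds the port with exclusive access, so check
    # the listener table (netstat -ano -p udp) before blaming account rights.
    if isinstance(exc, PermissionError) or exc.errno == errno.EACCES:
        return "permission_denied"
    return "other"


def probe_udp_port(port, host="0.0.0.0"):
    """Try to bind a UDP socket and report free / in_use / permission_denied."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
        return "free"
    except OSError as exc:
        return classify_bind_error(exc)
    finally:
        # Always release the socket so the probe itself never holds the port.
        sock.close()


if __name__ == "__main__":
    # 514 is the syslog port from the error message in the question.
    print("UDP 514:", probe_udp_port(514))
```

Run it under the same account as the forwarder service and with the forwarder's own UDP input disabled, since the result only reflects that account's rights at that moment.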

Rob2520
Communicator

@infosoftcomet since you have a forwarder installed on a Windows box, why don't you push an inputs.conf to monitor log files? In the main question you didn't mention that you are wanting to send syslog messages. Please provide some more information. If you wanna send syslog messages directly to syslog-ng servers or indexers, you don't have to install the Splunk agent on your Windows box. Destination should have port opened to listen on that.

0 Karma