Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configure SYSLog on a Windows Server

jesusgalloEMC
Explorer
‎01-30-2018 05:23 PM

Hello,

my question might be dumb but it is worth to ask,
On a Windows Servers, how do i configure to send the authentication.log to a Splunk heavy forwarder?
is this the same to say "I need to configure the syslog to be sent to the heavy forwarder?"

Thank you!

0 Karma
Reply

damode
Motivator
‎01-30-2018 08:00 PM
  1. Install a universal forwarder on your windows server
  2. During the installation, put Heavy Forwarder's IP in the Receiving Indexer field (and deployment server IP if you have one)
  3. Configure monitor input stanza in inputs.conf to point to the authentication.log
  4. restart the universal forwarder.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...