Critical Syslog Server Tricks

aydinmo · ‎06-16-2021

Hi all,

I have a large environment to deploy Splunk cloud and trying to leverage the syslog server (Rsyslog) in front of a load balancer, with UF on top.

As per my research, I have found a wonderful document which automates the inputs.conf and props.conf creation based on an excel sheet, relying on separation based on devices hostnames.

The link for documentation is here: https://conf.splunk.com/files/2017/slides/the-critical-syslog-tricks-that-no-one-seems-to-know-about...

I'm wondering if anyone has used the provided scripts for this automation? I couldn't find any explanation on how the python scripts work?

link to gitlab: https://gitlab.com/rationalcyber/splunk_syslog_inputs

link to script: https://gitlab.com/rationalcyber/splunk_syslog_inputs/-/tree/master/src

Thanks in advance!

evilgeorge · ‎04-18-2023

@aydinmo did you get this resolved? I'm one of the presenters of that 2017 .conf talk; please let me know if there were any hurdles you couldn't get past.

Critical Syslog Server Tricks

CSV

host

index

inputs.conf

monitor

props.conf

scripted input

source

sourcetype

syslog

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Critical Syslog Server Tricks