Getting Data In

ESXi, VMware, logs by UDP syslog

test_qweqwe
Builder
  1. Installed the add-on Splunk_TA_esxilogs from https://splunkbase.splunk.com/app/3215/ and moved it to /deployment-apps
  2. Configured ESXi per https://wiki.splunk.com/Community:VMwareESXSyslog so it sends logs to my heavy forwarder, which has port 514 open.

The logs do not come in. What did I miss?


nickhills
Ultra Champion

The VMware deployment is quite complex:
http://docs.splunk.com/Documentation/AddOns/released/VMW/Collectionconfiguration

However, assuming you just want to capture the syslog, have you configured a UDP input on your heavy forwarder/indexer?
The TA won't set this up for you.

If you have, then it's all the usual suspects to check next: addresses/firewalls/routes, etc.

If my comment helps, please give it a thumbs up!
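The UDP input the answer above refers to, as an added example that is not part of the original thread or of the add-on itself. The sourcetype and index names are assumptions to confirm against the add-on's own props.conf and your indexer configuration, and the 192.0.2.0/24 range is a constructed placeholder for the ESXi management network.

```ini
# inputs.conf on the heavy forwarder, e.g. in $SPLUNK_HOME/etc/system/local/
# or in an app delivered by the deployment server.
[udp://514]
disabled = 0

# Set the host field from the sender's IP address (use "dns" for a reverse lookup).
connection_host = ip

# UDP syslog is unauthenticated, so accept datagrams only from the ESXi hosts.
# Constructed placeholder range; replace with the real management subnet.
acceptFrom = 192.0.2.0/24

# Assumption: the sourcetype the ESXi logs add-on applies its parsing to.
# Check the add-on's default/props.conf before relying on this value.
sourcetype = vmw-syslog

# Assumption: placeholder index name. The index must already exist on the
# indexers, otherwise the events are dropped or land in a last-chance index.
index = vmware-esxilog
```

On Linux, binding a port below 1024 requires Splunk to run as root or the traffic to be redirected to a higher port. After a restart, `splunk btool inputs list --debug` shows whether the stanza was picked up and from which file.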