I have a host that is sending different logs to Splunk; this host sends various logs successfully except for the syslog-ng logs.
Here is an example of the inputs config (there are 3 inputs configured this way that are not being received by Splunk):
disabled = false
host = xxxxxxxxxx
index = syslog
sourcetype = cisco:ise
- Inputs appear when using the command 'splunk list monitor', so it doesn't seem to be a permissions issue.
- Other logs are being successfully ingested by this host.
- The syslog-ng is working as expected and it is receiving and storing logs on the HDD.
Does anyone have an idea of steps I can follow to troubleshoot this?
Thanks in advance,