Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I tried by all means to recover syslogs from a Cisco switch and router but I can not.

fdi01
Motivator
‎01-19-2015 11:37 PM

Hello,
I am currently training on centralization of the analysis of logs and I find myself stuck. Indeed, I was able to get on my Splunk server the data from a Windows server. However, I tried by all means to recover syslogs from a Cisco switch and router but I cannot. Yet I have configured Splunk to listen on port 514 but nothing happens ...
Last note, my Splunk forwarder is installed on Windows 7.
Thank you for your answers

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

fdi01
Motivator
‎01-20-2015 04:38 AM

Ok so I found it was just the Windows firewall was blocking
For future that will have worries of configuration, here's what to do to recover syslogs:

  • On the Splunk server, you must listen to UDP port 514 by going Manager -> Data Inputs -> and click Add New to UDP. The minimum is complete the source type (Manual, syslog or From list, syslog).

  • On the device (switch in my case) you are ordering: LoggingIPserveur and that's ALL.

Make sure your firewall is not blocking and it should work.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

fdi01
Motivator
‎01-20-2015 04:38 AM

Ok so I found it was just the Windows firewall was blocking
For future that will have worries of configuration, here's what to do to recover syslogs:

  • On the Splunk server, you must listen to UDP port 514 by going Manager -> Data Inputs -> and click Add New to UDP. The minimum is complete the source type (Manual, syslog or From list, syslog).

  • On the device (switch in my case) you are ordering: LoggingIPserveur and that's ALL.

Make sure your firewall is not blocking and it should work.

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎01-20-2015 12:38 AM

Give more details on where you're getting stuck. Did you configure the Cisco devices to actually send syslog to your Splunk server?

Reply
Solved! Jump to solution

fdi01
Motivator
‎01-20-2015 04:43 AM

thank you the essaieAyn
but I just found the solution to the problem was the firewall c

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...