Solved: Re: Not receiving readable logs from Brocade Switc...

nairv · ‎08-20-2018

We have added brocade switches to heavy forwarder via tcp:6514. We are able to receive the logs , but not in a readable format.

\x00a\x00\x00]"e8H,W\xCC\xA7az\xB9\xFF\xFB\xFE\x9E\x8C
֋\xC5\xCBhQ\x8E\xD1a{\x00\x00\x00=\x005\x00<\x00/\x00
\x00\xFF\x00\x00(\x00#\x00\x00\x00
\x00 \x00

input.conf
[tcp://6514]
connection_host = dns
index = san
sourcetype = BROCADE_SWITCH

settings in Brocade switch

-secure -port 6514 to the syslogadmin --setip cmd

Switch type
2 model type 6520's
4 model type 5480
2 model- bvlfcsw100/200

nairv · ‎08-30-2018

The brocade switch has to be always pointed to UDP 514 in HF or UF. If we point towards any other port like how I was using TCP 6514 we receive only encrypted data and non readable since it becomes secured port.

View solution in original post

nairv · ‎08-30-2018

The brocade switch has to be always pointed to UDP 514 in HF or UF. If we point towards any other port like how I was using TCP 6514 we receive only encrypted data and non readable since it becomes secured port.

nairv · ‎08-30-2018

The issue has been solved now I am able to get readable logs from the brocade..

adonio · ‎08-30-2018

@nairv please share what you did to solve your challenge so others can learn

Not receiving readable logs from Brocade Switches

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation