Pulling printer logs and reporting via print server

Hiattech
Explorer

I have an odd task I'm trying to fulfill and I'm not entirely sure how to go about it. 

We have a print server that forwards logs to Splunk. We also have multiple printers that are on a separate VLAN that only the print server can see. The objective is to see if we can pull the logs directly from the printer and forward them to Splunk. From what I've been reading, this should be possible by setting up the print server as a sort of intermediate forwarder? I believe the process is to have the printers redirect their logs to the print server to a specific folder, then add that folder to the list of logs being reported in the Splunk forwarder. Does that sound correct?

Has anyone done this before? Any instructions that could make this easier? I'm fairly new to Splunk and I'm still learning how to set things up so as many details as possible would be helpful.

 

Thanks.

0 Karma

meetmshah
Builder

Hello @PickleRick, the other 4 points you mentioned were of no use, which is why they're not included in the answer.

Couple of points - 

1. The question author has mentioned - "I'm fairly new to Splunk and I'm still learning how to set things up so as many details as possible would be helpful." - which is why the answer mentions having everything in one place and monitoring it later - which is usual practice.

2. A community answer initiates a "thread" where further discussion can take place about what and how to achieve the solution.

3. The question also mentions "I believe the process is to have the printers redirect their logs to the print server to a specific folder, then add that folder to the list of logs being reported in the Splunk forwarder. Does that sound correct?" - which is one of the best ways to monitor the logs from one place.

4. It's not copy-pasting an answer, it's about taking a reference -> looking over authenticity -> updating it as required and sharing with the community. One could literally ask each and every Splunk Community question over GPT and paste the answers - but that's not happening. We as a community want to use new tools along with making sure whatever we are posting is authentic and actually helps the ones who post here 🙂

0 Karma

PickleRick
SplunkTrust

OK. Let me disagree here.

The answer, typically for ChatGPT, had completely no technical details (which is understandable since the question had almost none).

And it was indeed copy-pasted.

https://chat.openai.com/share/0291a463-54f3-4fdb-97f7-c152ed1117f3

Anyone can put their question to so-called AI service and get an "answer". The power of this forum is that people can share their experience and expertise. Anyone can use a search engine.

0 Karma

meetmshah
Builder

Let me agree with your disagreement 🙂

Do you agree with the answer though is the question - The 4 points mentioned initially to centrally get the events on a single server and monitor the same?

0 Karma

PickleRick
SplunkTrust

No. This is not the answer. This is the general idea of the answer. There are no specifics which would depend on the details which the OP hasn't provided.

0 Karma

PickleRick
SplunkTrust

The high-level idea is sound - use the common contact point to get data from some isolated network segment.

The issue here is the low-level design. We don't know what solution you're talking about, we don't know how data is being processed there, how/where the logs are stored and forwarded.

There are different possible approaches depending on how it all works (syslog? REST API? whatever?)

0 Karma

meetmshah
Builder

Yes, what you're describing is possible and it's a common approach to collect logs from devices that can't directly forward logs to Splunk. Here's a high-level overview of the steps involved:

  1. Configure Printers to Send Logs to Print Server: You'll need to configure your printers to send their logs to a specific location on the print server. This might involve setting up syslog or other logging configurations on the printers themselves to point to the print server's IP address and designate a specific directory for log files.

  2. Set Up a Log Forwarder on Print Server: On the print server, you'll need to set up a log forwarder to monitor the directory where the printers are sending their logs. This can be done using Splunk Universal Forwarder or any other log forwarding mechanism suitable for your environment (like syslog-ng).

  3. Configure Splunk Forwarder to Monitor Log Directory: Once the print server is receiving logs from the printers, you'll need to configure the Splunk forwarder on the print server to monitor the directory where the logs are being received. This involves adding a new monitor stanza in the inputs.conf file of the Splunk forwarder.

  4. Verify and Test Configuration: After configuring everything, you'll need to verify that logs are being received by the print server from the printers and that the Splunk forwarder on the print server is successfully forwarding those logs to your Splunk indexer or another forwarder.

In a nutshell, the idea is to have everything available in one place and monitor it, instead of onboarding / installing a TA individually on each host.

 

Please accept the solution and hit Karma, if this helps!

0 Karma
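
As an added illustration of step 3 in the answer above (not part of any poster's reply and not configuration taken from this thread): an `inputs.conf` monitor stanza for the Universal Forwarder on the print server. It assumes a Linux-style print server where a syslog daemon writes one directory per printer under `/var/log/printers/<printer-name>/`, and an index named `printers` that already exists; both names are placeholders.

```ini
# inputs.conf on the print server's Universal Forwarder (added example).
# Assumed layout (hypothetical): /var/log/printers/<printer-name>/<file>.log

[monitor:///var/log/printers]
# Only pick up log files; skip rotated or compressed leftovers.
whitelist = \.log$
# Path segment 4 (var=1, log=2, printers=3, <printer-name>=4) becomes the
# host field, so events are attributed to the printer and not to the
# print server that relayed them.
host_segment = 4
# "syslog" is a built-in sourcetype; replace it if the printers emit
# another format.
sourcetype = syslog
# Assumed index name; it must exist on the indexers beforehand.
index = printers
# Do not backfill files that have not been modified in the last 7 days.
ignoreOlderThan = 7d
disabled = false
```

After restarting the forwarder, `splunk btool inputs list --debug` shows the merged stanza, and a search on `index=printers` grouped by `host` should list one host per printer.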

PickleRick
SplunkTrust

When copy-pasting from ChatGPT you forgot to include the rest of the "answer".

[...]

Here are some additional tips:

  • Check printer documentation: Start by checking the documentation for your printers to see if they support forwarding logs, and if so, how to configure it.

  • Test in a lab environment: Before implementing this in a production environment, it's a good idea to test the setup in a lab environment to ensure everything works as expected.

  • Security considerations: Make sure to consider security implications, especially when configuring devices to forward logs to other systems. Ensure that communication between the printers, print server, and Splunk instance is secure.

  • Consult Splunk documentation: Splunk documentation is comprehensive and can provide detailed guidance on setting up forwarders and configuring inputs.

By following these steps and considering the tips provided, you should be able to set up a system where printer logs are forwarded to Splunk via an intermediate print server. If you encounter any specific issues or have further questions, feel free to ask!

[...]
 
Come on, people. What are you trying to achieve by posting such generic ChatGPT-generated responses? This doesn't solve anything but only "dilutes" the quality of responses on Answers.
0 Karma