Getting Data In

Splunk add on for Citrix Netscaler

hectorvp
Communicator

Do I need dedicated syslog server to get syslog messages and then forward it using Universal Forwarder??Considering I've installed on Splunk add on for Netscaler over a HF. If this is to be then what is significance of having add on over UF.

   OR

Can I directly listen on heavy forwarder over a port 514 to get messages.Considering I've installed on Splunk add on for Netscaler over a HF.

 

Can I manage any configuration regarding this add on using Deployment Server?? Like managing which inputs to be monitored and all.

PS: I'm new with Netscaler

Labels (3)
0 Karma

splunkcol
Builder

I have a heavy forwarder which receives netscaler logs through syslog using port 514

then with inputs and outputs I forward the information to the indexers.

those apps are sometimes a headache about the configuration

0 Karma

hectorvp
Communicator

I've two netscaler appliances and don't have knowledge yet how heavily those would generate logs.

Is it ok if I go with 2nd option, to listen directly over HF for syslog messages and having splunk add on in place? Will this work fine...?

Or  should I get another server as a syslog server and having UF over it. Would I need this add on anymore on this dedicated syslog server.

PS: Having dedicated syslog server would increase costing and maintenance as well.

 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...