I am not getting data to my indexer(centos) from fortigate firewall. Port 514 is open but i am unable to telnet. Is there any config file i need to edit to receive data?
Please refer https://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitornetworkports for configuration of UDP port on splunk indexer side but you need to keep in mind that if you are running splunk with any user (except root) then splunk will not able to occupy 514 port because only root user can access ports below 1024 in this case either you need send UDP traffic on >1024 from fortigate or you need to do configuration in iptables to map port <1024 with port >1024.
Please refer https://docs.splunk.com/Documentation/Splunk/6.6.3/Data/Monitornetworkports for configuration of UDP port on splunk indexer side but you need to keep in mind that if you are running splunk with any user (except root) then splunk will not able to occupy 514 port because only root user can access ports below 1024 in this case either you need send UDP traffic on >1024 from fortigate or you need to do configuration in iptables to map port <1024 with port >1024.
