Getting Data In

Trying to capture cisco syslog errors

wingnut144
New Member

I just installed Splunk, and pointed my Cisco switch and router at the Splunk server IP, and told the server to listen on port 514.

Nothing is coming in to the Splunk system.

Did I miss something????

0 Karma

dayakadam
New Member

On the Splunk server, you must listen on UDP port 514 by going to Manager -> Data Inputs and clicking Add New for UDP.

0 Karma

nathan01
New Member

Hello,

Please, does anyone have a response to the above? I am having similar issues: not receiving any log messages on Splunk from my Cisco switch. There is no firewall between the devices, and I have set up Splunk to listen on TCP and UDP port 514; however, the switches are using UDP port 514.

Thanks

0 Karma

richgalloway
SplunkTrust

This thread is more than 4 years old. You're more likely to get a response by posting a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma

mvasquez2
New Member

I have a similar issue, but I am only getting log msgs that start with "%SYS". I need to get all the data as I am running debugs. Those are scrolling on the terminal screen but are not being sent to Splunk for some reason.

0 Karma

dustinmalley
Engager

I had an issue with this at first.

Ensure that you have the following configured on your Cisco devices:

logging trap (trap level)
logging host (Splunk Server) transport (tcp | udp) port (514)
logging on

In Splunk's Data Inputs:

Add a TCP or UDP type (I use TCP) and ensure that it's set up for 514 and the sourcetype is syslog.

After that, I'd check to see if you have a firewall blocking port 514 (or whatever you're using) to your Splunk server.
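Added example, not part of any post in this thread: a small Python receiver-side check for the setup described above. It decodes the `<PRI>` header of each syslog datagram and applies the `logging trap` severity threshold, which shows why tagged messages such as `%SYS-5-...` can arrive while severity 7 debug output does not. The function names, the test port 5514 and the sample datagrams are assumptions made for this example.

```python
import re
import socket

# Cisco IOS severity keywords, index == numeric level (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

def parse(datagram: bytes):
    """Decode one syslog datagram; return None when there is no <PRI> header."""
    m = PRI_RE.match(datagram.decode("utf-8", "replace").strip())
    if not m:
        return None
    pri, body = int(m.group(1)), m.group(2)
    tag = TAG_RE.search(body)  # debug output usually carries no %FAC-SEV-MNEMONIC tag
    return {
        "facility": pri >> 3,          # 23 == local7
        "severity": pri & 7,           # the value `logging trap` filters on
        "tag": tag.group(0).rstrip(":") if tag else None,
        "body": body,
    }

def passes_trap(severity: int, trap_level: str) -> bool:
    """True if a message of this severity is sent with `logging trap <trap_level>`."""
    return severity <= LEVELS.index(trap_level)

def listen(port: int = 5514, count: int = 10):
    """Print what arrives on a UDP port (5514 is an assumed unprivileged test port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        for _ in range(count):
            data, (src, _) = s.recvfrom(4096)
            print(src, parse(data) or data)

# Constructed sample datagrams, not captured from a real device.
SAMPLES = [
    b"<189>45: *Mar  1 00:03:12.123: %SYS-5-CONFIG_I: Configured from console by console",
    b"<191>46: *Mar  1 00:03:15.456: ICMP: echo reply sent, src 10.0.0.1, dst 10.0.0.2",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        msg = parse(raw)
        print(msg["severity"], msg["tag"], passes_trap(msg["severity"], "informational"))
```

Calling `listen()` on the receiving host while the device logs to that port confirms whether datagrams reach the server at all, independently of the Splunk input.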
