Why am I not getting syslogs on port 512?

New Member

I am new to Splunk and I have it installed on my PC at work. I have the Aruba ClearPass syslog target set to forward to my PC's IP on port 512, UDP.
The search field in Splunk is: source="udp:512" sourcetype="syslog". I am not getting any results when I run a search.

I tried port 514, UDP as well and I'm still getting nothing. Wondering if it's an IOS version issue as I'm running Windows 7 on my PC?

0 Karma

Path Finder

If you are not running the Splunk process as "root", you will not be able to access ports below 1024 on Linux systems.

On Windows, do a netstat -na and look for port 514 to be "listening".

Also, what is the destination index you have set for the syslog data? Have you tried index=* sourcetype="syslog"?

0 Karma

Splunk Employee
  1. Do you have Windows firewall active and configured to allow 512/udp traffic to pass through?
  2. Do you have a Splunk listener configured to listen on port 512?
0 Karma
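
The listener checks suggested in the replies above, as an added example that is not part of the original thread: it reads `netstat -na` output for a socket on the syslog port and builds a test datagram to send at it. The netstat sample is constructed, and the function names, host name and tag are hypothetical; the example also covers the TCP case and a loopback-only binding, which the thread does not mention.

```python
import socket
from datetime import datetime

# Constructed sample of Windows `netstat -na` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:512            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING
  UDP    127.0.0.1:512          *:*
  UDP    0.0.0.0:514            *:*
  UDP    [::]:514               *:*
"""

def bound_addresses(netstat_text, proto, port):
    """Local addresses with a socket on proto/port. UDP rows carry no State
    column, so a UDP row existing means bound; TCP must say LISTENING."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != proto.upper():
            continue
        addr, _, row_port = parts[1].rpartition(":")
        if row_port != str(port):
            continue
        if parts[0] == "TCP" and parts[3:4] != ["LISTENING"]:
            continue
        found.append(addr)
    return found

def reachable_from_network(addresses):
    """A listener bound only to loopback never sees datagrams from another host."""
    return any(a not in ("127.0.0.1", "[::1]") for a in addresses)

def syslog_datagram(facility, severity, host, tag, text, when):
    """RFC 3164-style test message; PRI = facility * 8 + severity."""
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {text}".encode("ascii")

def send_test(dest_ip, port, payload):
    """Fire one UDP datagram at the listener; UDP gives no delivery confirmation."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (dest_ip, port))

if __name__ == "__main__":
    for port in (512, 514):
        addrs = bound_addresses(SAMPLE_NETSTAT, "UDP", port)
        print(port, addrs, "network-reachable:", reachable_from_network(addrs))
    msg = syslog_datagram(16, 6, "testhost", "splunktest", "udp input check", datetime.now())
    print(send_test("127.0.0.1", 514, msg), "bytes sent")
```

In the constructed sample, port 512 has a TCP listener and a loopback-only UDP socket, so a remote UDP sender would get nothing through even though "512" appears in the netstat output.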