Everything depends on your router model. The normal way to collect log entries from a router is via syslog.
There are two things you'll need to do:
- Configure the router to send syslog data
- Configure Splunk to receive the data.
For Cisco routers, the command is:
logging 172.16.1.20
Of course, replace the IP address with that of your Splunk server. There are plenty of other syslog references out there. For Juniper, this may help. Many home-class routers have an option to export syslog as well, typically buried under an "Advanced" menu somewhere.
On the Splunk side, you can either configure a Splunk listener on port 514/udp, or you can configure your syslog server to write out to a file and index that. For the latter approach, here's how to configure using syslog-ng.
It's also possible to enable remote logging with other syslog daemons, though you may lose some flexibility. On Windows, look for Kiwi Syslog.
