Getting Data In

rsyslog no send logs in specific ip range

splunkcol
Builder

Hi,

I have 2 indexers

with the command I confirm that port 9997 is open.

In one of the two indexers all the incoming connections remain in the "SYN_RECV" state

In the other indexer some are in the "SYN_RECV" state and others are "ESTABLISHED"

The funny thing is that one ip range if connected and the other ip range does not

tcpdump is a relative test, because those in the "ESTABLISHED" state are not recognized by ping, telnet, or sniffer but deliver the logs to the indexer and the indexer to the search head and are displayed normally

The firewall area says that the policies are correct.

I am guaranteeing that port 9997 is in the listening state, is it a splunk configuration problem, or is it a transmission level network policy problem?


tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN
tcp 0 0 172.27.29.71:9997 192.168.71.13:49603 SYN_RECV
tcp 0 0 172.27.29.71:9997 192.168.71.13:49601 SYN_RECV
tcp 0 0 172.27.29.71:9997 192.168.70.17:59856 ESTABLISHED
tcp 315 0 172.27.29.71:9997 192.168.70.16:56015 ESTABLISHED
tcp 0 0 172.27.29.71:9997 192.168.71.12:57122 SYN_RECV
tcp 0 0 172.27.29.71:9997 192.168.70.14:51241 ESTABLISHED
tcp 0 0 172.27.29.71:9997 192.168.71.13:49605 SYN_RECV
tcp 0 0 172.27.29.71:9997 192.168.71.12:57119 SYN_RECV
tcp 3877460 0 172.27.29.71:9997 172.29.4.39:34311 ESTABLISHED
tcp 0 0 172.27.29.71:9997 192.168.71.13:49598 SYN_RECV
tcp 3211190 0 172.27.29.71:9997 192.168.70.12:55205 ESTABLISHED

0 Karma
1 Solution

splunkcol
Builder

 

with the command netstat -an | grep 9997 you are guaranteeing that the server has the port open and in the listening state

The problem was due to the policies of one of the firewalls

View solution in original post

0 Karma

splunkcol
Builder

 

with the command netstat -an | grep 9997 you are guaranteeing that the server has the port open and in the listening state

The problem was due to the policies of one of the firewalls

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...