I configure syslog on my Cisco router and switch, and I am not receiving any data into my Splunk server. Yes, I enable syslog on my devices and I enable port 514 on the Splunk server.
I think the problem that I have is in my Cisco devices' configuration. If anyone can help me with this configuration, I will thank you.
I am using Windows 7 for the Splunk server.
I enable TCP and UDP in the Splunk configuration.
On my Cisco devices I configure them with this command: #logging 192.168.1.7 (this address is the Splunk server).
On the Splunk server:
- Data Inputs UDP (Listen on a UDP port for incoming data, e.g. syslog).
- UDP port 514
- Set source type: From list
- Select source type from list: Syslog
- What level of logging did you choose for your Cisco devices? How to change the level of logging for your Cisco device?
- Unless Splunk is running as root/privileged? How to run Splunk as root or privileged?
Unless Splunk is running as a root/privileged user (not recommended), it would not listen on ports below 1024. Syslog uses UDP 514. You could also have your iptables redirect port 514 to a higher port which Splunk can listen on.
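A way to check whether the devices' syslog datagrams reach the server at all, and at which facility and severity they are sent, as an added example that is not part of the original thread. The port 5514, the function names and the sample message are assumptions made for illustration; to test the real path, pass port 514 to `listen()` while the Splunk UDP input is disabled.

```python
"""Decode Cisco syslog datagrams: confirms delivery and shows facility/severity."""
import re
import socket

# Cisco IOS severity keywords, indexed by syslog severity number 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# IOS message tag, e.g. %SYS-5-CONFIG_I (facility-severity-mnemonic).
TAG_RE = re.compile(rb"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+")

# Constructed sample datagram (not captured from a real device).
SAMPLE = b"<189>45: *Mar  1 00:12:07.123: %SYS-5-CONFIG_I: Configured from console by console"


def decode(datagram):
    """Return facility, severity and IOS tag, or None if there is no valid PRI."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # highest valid PRI: 23 * 8 + 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    tag = TAG_RE.search(datagram)
    return {
        "facility": f"local{facility - 16}" if facility >= 16 else str(facility),
        "severity": SEVERITIES[severity],
        "tag": tag.group(0).decode() if tag else None,
    }


def listen(host="0.0.0.0", port=5514, count=5):
    """Print the next `count` datagrams with their source address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # fails if another process already holds the port
        for _ in range(count):
            data, (src, _sport) = sock.recvfrom(4096)
            print(src, decode(data) or "no syslog PRI", data[:80])


if __name__ == "__main__":
    print(decode(SAMPLE))
    listen()
```

If nothing is printed while the devices are generating log messages, the datagrams are being dropped before they reach the listener (for example by a host firewall or routing), so the Splunk input settings are not the first place to look.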