Getting Data In

syslog server set-up

test_splunk15
Explorer

Hi,

As a temporary measure (for 3 months), we have been asked to set up one of the Splunk servers (HF) to work as a syslog server which should receive logs from Trend for security events.

I have gone through a few URLs and pages from other questions but couldn't see an end-to-end set-up, the reason being I can't see any service with syslog in my server as such, but by default we have the rsyslog service running (I've configured and tested between UB as server and HF as client; however, I've been asked to use syslog instead of rsyslog for the temporary purpose).

For my local testing, I am trying to test my UB as server and HF as client before we actually get logs from Trend (which will be our actual client). In the client (we're asked to use TCP only, no UDP), what are all the settings required (where to configure the server details)? Again, as I said, I don't see anything specific to syslog, only rsyslog (is this a valid use case?).

However, the port I've enabled under /etc/services is:
syslog myport/tcp #syslogclient

From the server side (in UB), I configured inputs.conf with the client info.

Any leads specifically on syslog configurations (also, with TCP, will we have data loss with this mechanism?)? Any documentation link would be helpful.

Thanks.

0 Karma

test_splunk15
Explorer

For syslog:

service syslog restart
Redirecting to /bin/systemctl restart syslog.service

Failed to restart syslog.service: Unit not found.

In this scenario, will Splunk accept from rsyslog or syslog-ng (client), or on the server side too should we have the respective rsyslog/syslog-ng conf?

0 Karma
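For the client-side settings asked about in the question (TCP only, and the data-loss concern) and the rsyslog-vs-syslog-ng point in the follow-up, here is an added example that is not the poster's configuration and not Splunk documentation: an rsyslog forwarding action on the client and the matching TCP listener stanza on the HF. The IP addresses, port 1514, spool path and index name are assumed placeholders.

```conf
# --- Client side, e.g. /etc/rsyslog.d/50-splunk-fwd.conf (rsyslog RainerScript) ---
# Assumed placeholders: Splunk HF listener at 10.0.0.10, port 1514.
# Forward all messages over plain TCP with a disk-assisted queue, so a short
# outage of the listener spools events to disk instead of dropping them.
# Caveat: plain syslog over TCP has no application-level acknowledgement, so
# messages already handed to the socket when the link drops can still be lost.
action(type="omfwd"
       target="10.0.0.10"
       port="1514"
       protocol="tcp"
       queue.type="LinkedList"
       queue.filename="splunk_fwd_q"
       queue.spoolDirectory="/var/spool/rsyslog"
       queue.saveOnShutdown="on"
       queue.maxDiskSpace="1g"
       action.resumeRetryCount="-1")

# --- Server side (Splunk HF), $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Plain TCP listener on an unprivileged port (ports below 1024 need root).
# sourcetype = syslog applies Splunk's built-in syslog timestamp/host handling.
# acceptFrom limits the open port to the expected sender addresses (placeholders).
[tcp://1514]
sourcetype = syslog
index = security
connection_host = ip
acceptFrom = 10.0.0.20, 10.0.0.21
disabled = 0
```

On a host where no `syslog` unit exists, the daemon actually running is rsyslog, so the client file above is picked up by restarting rsyslog.service rather than syslog.service. The HF does not care which daemon sends; it only needs syslog-formatted lines arriving on the listener, so the same stanza serves rsyslog or syslog-ng clients.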