Thank you engineer for me sysmon it worked and I received endpoint data but syslog did not work I want to know the links that the user visits and remove them from network sources

Hi @tuts ,

debug your situation:

• are you sure that the routes between endpoints and the syslog receiver are open?
• did you configured the syslog receiver as described in the above documentation (inputs)?
• did you disabled the local firewall on the Splunk receiver?

For syslog, instead of the syslog receiving inside Splunk (Splunk Network Inputs) I hint to use an rsyslog receiver that writes syslogs on a file and then with Splunk you can read these files

Ciao.

Giuseppe

@tuts 

As with most things Splunk, the specifics will depend on the details of your environment and chosen deployment. In the question you asked, the Splunk DOCs are sufficient to give you a general idea, but without more details it is harder to give more specific advice.

If you're on-prem, then this is another example:

Monitor files and directories with inputs.conf - Splunk Documentation

Syslog data is sent over port 514, though it can also be configured to transmit and receive on another port and it is usually UDP, which means that they data is best effort but there is no transport guarantee, and so potentially you will lose logs.  Further, depend on your network environment and configuration, you will need to account for any switches and firewalls to ensure that they traffic is being transmitted and received between the source and the syslog receiver, and then the traffic between the syslog server and Splunk (if you have not already configured Splunk to directly receive syslog traffic (and this changes depending on whether this is a linux or windows environment.)

In the hint that Giuseppe gave above, RSYSLOG is a linux native solution that can be set-up to receive syslog data from remote hosts, and configured to deposit them to specific folders that can then be monitored by a UF agent on the syslog server host. 

It seems like you're looking to pull browser and mail syslog data in Splunk, but you're facing several problems. To clarify your request: you want to know the correct method to track users who have visited specific websites and made changes, correct?