Polycom Video Infrastructure - Monitoring with Spl...

ashishsinghal · ‎07-09-2019

Any success story for this integration ? Right now i am stuck as i am trying to forward Polycom DMA syslogs to splunk and as Polycom uses UDP 514 & as this is a reserve port Splunk can't accept logs from Polcyom. Please advise, if there are other ways.

I am focusing on Quality Monitoring, end point registration & MCUs utilization.

tiagofbmm · ‎07-09-2019

You can send logs to Splunk and configure any available port to listen to those syslog messages:

[tcp://<remote server>:<port>]
* Configures the input to listen on a specific TCP network port.

[udp://<remote server>:<port>]
* Configures the input to listen on a specific UDP network port.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf

Usually sending syslog directly to Splunk is not a best practice but you could instead use an intermediate Syslog-NG or Rsyslog to write it to disk, and have a Splunk UF monitoring those files.

If your Polycom can send HTTP data, you can also enabel HEC on Splunk Indexers and listen to that stream of data directly into Splunk:

https://docs.splunk.com/Documentation/Splunk/7.3.0/Data/UsetheHTTPEventCollector

Polycom Video Infrastructure - Monitoring with Splunk

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation