I am assuming Linux all the way around. You need to make sure that at each stage the port is active. You can do this with netstat. You also need to make sure you are using UDP everywhere (or TCP everywhere). You also need to make sure that your ports are open everywhere to allow the traffic and lastly that you have routes from each machine that allow the data to travel back AND forth. You can test the ports using netcat command nc; with this you can both receive data (act as Splunk forwarder) and also inject data (act as firewall sender).
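The receive-and-inject test described in the answer above, as an added Python example for hosts where nc is not available; it is not code from the original post. The function names, the marker string, the host name fw-test and the local0.info priority are assumptions chosen for illustration.

```python
import socket
import time

def syslog_probe(marker, host="fw-test", pri=134):
    """Build an RFC 3164-style line; PRI 134 = facility local0, severity info."""
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{pri}>{stamp} {host} pathtest: {marker}".encode()

def open_listener(bind_ip, port):
    """Receiver role (stands in for the Splunk UDP input); port 0 picks a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock

def send_probe(dest_ip, port, marker):
    """Sender role (stands in for the firewall)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(syslog_probe(marker), (dest_ip, port))

def wait_for(sock, marker, timeout=2.0):
    """Return the sender address once a datagram carrying marker arrives, else None."""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return None
        sock.settimeout(remaining)
        try:
            data, peer = sock.recvfrom(4096)
        except socket.timeout:
            return None
        if marker.encode() in data:  # ignore unrelated syslog traffic
            return peer

def loopback_selftest():
    """Run both roles on one host on an unprivileged port (constructed probe)."""
    with open_listener("127.0.0.1", 0) as sock:
        port = sock.getsockname()[1]
        send_probe("127.0.0.1", port, "probe-0001")
        return wait_for(sock, "probe-0001")

if __name__ == "__main__":
    print("loopback:", loopback_selftest())
```

Across machines, call open_listener and wait_for on the receiving host and send_probe on the sending host. A probe that arrives on loopback but times out between hosts points at a firewall rule or a route, and a successful ping does not rule that out because it does not exercise UDP 514.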
Thanks a lot
I opened the port 514 UDP and it works :))))
https://support.microsoft.com/fr-fr/kb/308127/fr?wa=wsignin1.0
Is the built in Windows Firewall on?
To Open UDP:514 in Standard Windows Firewall
netsh firewall add portopening UDP 514 "Open UDP 514"
To Open UDP:514 in Advanced Windows Firewall
netsh advfirewall firewall add rule name="Open UDP 514" dir=in action=allow protocol=UDP localport=514
Splunk 6.1.2 in Windows
Also make sure the local firewall is allowing UDP port 514. What OS is Splunk on?
Have you verified there is connectivity between the firewall and Splunk? Are you looking in the right place for the received logs?
I tested with ping and there is connectivity 😞