Security

Collect remote event log on my Windows Splunk server

dineshahlawat
New Member

Hello Team,
I am new to Splunk.
I need to collect a remote event log on my Windows Splunk server.
So under my Splunk GUI,
Manager » Data inputs » Event log collections » My_server_logs
it gives me the error:

Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host '10.151.57.199'. This host may not be reachable or WMI may be misconfigured.

Now the log I am fetching is on a Unix machine, so do I need to configure the win-wmi on Unix, or is there any other tool I need to configure for this?
Please share the sequence of steps to configure this.

0 Karma
1 Solution

Ayn
Legend

You can't do WMI polling on non-Windows systems, because it uses native Windows libraries.


dineshahlawat
New Member

Thanks Ayn, for clearing this doubt. Can you please share the steps to configure the Universal Forwarder (on UNIX) to forward the log file to Splunk?

0 Karma

Ayn
Legend

Oh, so you mean the other way around? You're running Splunk on Windows but have remote logs on a Unix box? In that case you can't use WMI at all; it's Windows-only. For getting events from your remote Unix box, you should install a Universal Forwarder on it and have it send the events back to your indexer. Or configure it to send syslog.

0 Karma
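A worked configuration for the forwarder route described in the answer above, added here as an example that is not part of the thread or of Splunk's own documentation. It assumes placeholder values (a Universal Forwarder installed under /opt/splunkforwarder, an indexer at 192.0.2.10 receiving on port 9997, and /var/log/messages as the file to forward), all overridable through environment variables.

```shell
#!/bin/sh
# Added example: Universal Forwarder (UF) on the Unix box -> Splunk indexer on Windows.
# Assumed placeholder values (not from the thread): UF installed under
# /opt/splunkforwarder, indexer at 192.0.2.10 receiving on 9997, log /var/log/messages.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"
INDEXER="${INDEXER:-192.0.2.10:9997}"
LOGFILE="${LOGFILE:-/var/log/messages}"

# Write the two config files the forwarder needs into directory $1:
# outputs.conf says where to send, inputs.conf says which file to tail.
write_uf_config() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = $INDEXER
EOF
  cat > "$dir/inputs.conf" <<EOF
[monitor://$LOGFILE]
sourcetype = syslog
index = main
disabled = 0
EOF
}

# Sanity check before starting the UF: the generated files must point at the
# expected indexer and at the expected log file. Returns 0 when both match.
verify_uf_config() {
  grep -q "^server = $INDEXER\$" "$1/outputs.conf" || return 1
  grep -q "^\[monitor://$LOGFILE\]" "$1/inputs.conf" || return 1
}

# Run as "sh this_script.sh apply" on the Unix box to write the config under
# $SPLUNK_HOME/etc/system/local and start the forwarder at boot.
# First, on the Windows Splunk server, enable receiving on the port once:
#   splunk enable listen 9997   (GUI: Settings > Forwarding and receiving)
# Note: the forwarder-to-indexer link is unencrypted unless TLS is configured
# in the same tcpout stanza.
if [ "${1:-}" = "apply" ]; then
  write_uf_config "$SPLUNK_HOME/etc/system/local"
  verify_uf_config "$SPLUNK_HOME/etc/system/local" || exit 1
  "$SPLUNK_HOME/bin/splunk" start --accept-license
  "$SPLUNK_HOME/bin/splunk" enable boot-start
fi
```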

dineshahlawat
New Member

OK, so what can I do to access the Unix logs?
Please share any reference to configure this.

0 Karma