On my old setup I had all syslogs going to syslog on the Splunk server, but now I'm doing a fresh setup with Ubuntu 9.10 servers with Splunk v4.1 and rsyslog v4.
I searched and found that I should add a receiving port, 2010, in "Manager » Forwarding and receiving » Receive data", and also added the following line in /etc/rsyslog.conf on the sending server and restarted rsyslog:
*.* @@192.168.10.7:2010;SyslFormat
Splunk never receives anything from the remote server with this setup. Is there something I'm missing here?
TIA,
Cotton
Also, it won't let me add 'rsyslog' or 'receiving' tags...
* new users can't create tags; 'rsyslog forwarding' are new tags