Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- About captainjak
captainjak
New Member
Member since:
09-15-2019
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 09-15-2019 |
Activity Feed
- Posted Re: Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-24-2019 12:03 AM
- Posted Re: Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-16-2019 11:43 AM
- Posted Splunk indexer for sonicwall firewall logs. on Splunk Search. 09-16-2019 11:29 AM
- Tagged Splunk indexer for sonicwall firewall logs. on Splunk Search. 09-16-2019 11:29 AM
- Tagged Splunk indexer for sonicwall firewall logs. on Splunk Search. 09-16-2019 11:29 AM
- Tagged Splunk indexer for sonicwall firewall logs. on Splunk Search. 09-16-2019 11:29 AM
- Posted Re: Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-16-2019 11:24 AM
- Posted Re: Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 03:17 PM
- Posted Re: Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 01:47 PM
- Posted Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 12:23 AM
- Tagged Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 12:23 AM
- Tagged Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 12:23 AM
- Tagged Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 12:23 AM
- Tagged Data input configuration for UDP syslogs from sonicwall firewall on Splunk Dev. 09-15-2019 12:23 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
09-24-2019
12:03 AM
Thanks @vsingla1 for your support.
I'm receiving the logs via udp:514 port by configuring the data input UDP ports.
Now a new error is showing here it is
Unable to search the indexed data due to license limit violation errors. How can we get back and limit the input data to not to exceed to 500mb per day.
... View more
09-16-2019
11:43 AM
Hi @vsingla1
thanks for your response. We are almost close to index firewall logs. but a small link is missing somewhere we are unable to find out.
The Indexer, UF, searching are in same single Linux server. Rsyslog server is configured in Linux server.
Splunk enterprise setup is working fine it is showing the logs only from local
Linux server which we have configured UF and Rsyslog server. our Sonicwall firewall logs are also coming to server from firewall. But we are unable to index the files in Splunk.
Need support.
... View more
09-16-2019
11:29 AM
Hi all, in our network environment to capture the logs and analyze that logs generated by SonicWall firewall we have implemented Splunk enterprise tool in Linux server. Our Splunk indexer is displaying the local linux server logs but not the firewall logs coming to server from sonicwall via syslog server. We're missing a single step away from indexing the logs. need support.
... View more
09-16-2019
11:24 AM
HI @vsingla1 ,
Thanks for your response. All set in our environment. But one small thing is missing.
We have installed Splunk Enterprise& Splunk UF on same Linux server. And configured in our firewall to send the syslogs to same Linux server. Our Splunk indexer is showing the logs of local Linux server logs fine, but unable to display/index the firewalled syslogs. Syslogs from firewall are coming to the device we have done a packet capture test on the server, it showed all the incoming syslog traffic to Linux server.
Just a small step away from displaying those logs. but unable to find it. Need support.
... View more
09-15-2019
03:17 PM
Hi,
Will explain briefly once.
I've installed Splunk enterprise from Splunk website. I don't have an idea about the component like UF, indexer, search head. Wheather how to find which component is running?? I think it is Indexer which will display log messages.
2.As you suggested to use Linux server for both forward and indexing in the same server or do we need two. If we can install in single Linux server, pls provide any useful link for installation and to add data input.
How to configure the inputs.conf file to receive logs from the firewall. Will it update logs dynamically.
mail to: [email protected]
... View more
09-15-2019
01:47 PM
Hi,
Thanks for your reply vsingla1. Your answer was helpful somehow. But, I got stuck at data indexing in windows server. My Splunk setup was running on Windows server, Can I install Syslog server in same Windows server. And configure the log directory in "Continuously monitor " in Splunk with UDP port 515. Guide me to complete the configuration and smooth running.
... View more
09-15-2019
12:23 AM
Hi there,
I need your support to configure Splunk for our network security environment.
I have installed Splunk in our Windows 2012 Server. Splunk web was working fine. We need to add our Sonicwall firewall sys logs to Splunk add data input. Guide us to configure Data inputs and index data automatically.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
