
Splunk and SYSLOG


What we have is a two-step process. I would create a central rsyslog server that can coalesce all your routers' and other devices' logs via syslog. Then, on that central syslog/syslog-ng server, run the Splunk forwarder and configure it to tail the appropriate syslog file or files you

And Splunk has to be restarted essentially any time a configuration file is modified or an app is installed. Secondly, Splunk would have to run as root to accept traffic on ports lower than 1024, which is against best practice. It also violates many companies' security policies.
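An added example (not from the original post) of the two-step layout described above: rsyslog on the central collector binds port 514 and writes one directory per sending device, and a Splunk universal forwarder running as an unprivileged user tails those files, so nothing owned by Splunk ever needs to listen on a privileged port. The /var/log/remote path, the splunk user and group, and the network index are assumptions.

```conf
# --- /etc/rsyslog.d/10-remote.conf on the central collector (assumed path) ---
# rsyslog, not Splunk, owns the privileged port 514.
module(load="imudp")
module(load="imtcp")          # prefer TCP (or TLS via imtcp's stream driver) on devices that support it
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# One directory per sending device, e.g. /var/log/remote/router1/syslog.log,
# so the forwarder can derive the host name from the path below.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME%/syslog.log")

# Remote traffic only enters this ruleset, so local logs stay in their usual files.
# Files and directories are created group-readable for the assumed "splunk" group
# so the forwarder never needs root to tail them.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile"
           fileGroup="splunk" fileCreateMode="0640"
           dirGroup="splunk"  dirCreateMode="0750")
}

# --- $SPLUNK_HOME/etc/system/local/inputs.conf on the same host ---
# Splunk universal forwarder running as the unprivileged "splunk" user (assumed).
# It only reads files; it binds no network port, so no root is required.
[monitor:///var/log/remote/*/syslog.log]
sourcetype = syslog
index = network
# /var(1)/log(2)/remote(3)/<device>(4)/syslog.log -> host field = device directory name
host_segment = 4
disabled = false
```

Changing inputs.conf still requires restarting the forwarder, but that restart touches only the file reader, never the listener that devices are sending to.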
