Splunk and SYSLOG


What we have is a two-step process. I would create a central rsyslog server that can coalesce the logs from all your routers and other devices via syslog. Then, on that central syslog/syslog-ng server, run the Splunk forwarder, configure it to tail the appropriate syslog file or files you

Splunk has to be restarted essentially any time a configuration file is modified or an app is installed. Secondly, Splunk would have to be running as root to accept traffic on ports lower than 1024, and this is against best practice. It also violates many companies' security policies.
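The two-step layout described above, as an added configuration sketch that is not from the original post: rsyslog holds the privileged port 514 and writes one file per sending host, and the Splunk forwarder, running as an unprivileged user, only tails those files. The file locations, the `/var/log/remote` directory, the `splunk` group and the `network` index are assumptions chosen for illustration.

```conf
# ---- /etc/rsyslog.d/10-remote.conf (on the central syslog server; path is an assumption) ----
# rsyslog is the only process that binds the privileged syslog port.
module(load="imudp")
module(load="imtcp")

# One file per sending device. secpath-replace turns any "/" in the
# sender-supplied hostname into "_" so a device cannot steer the file path.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%HOSTNAME:::secpath-replace%/syslog.log")

# Remote traffic gets its own ruleset so it never mixes with local logs.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile"
           dirCreateMode="0750" fileCreateMode="0640"
           dirGroup="splunk" fileGroup="splunk")  # assumed group of the forwarder account
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# ---- $SPLUNK_HOME/etc/system/local/inputs.conf (on the same server, forwarder side) ----
# The forwarder reads files only; it opens no listening port and needs no root.
[monitor:///var/log/remote/*/syslog.log]
sourcetype = syslog
# Path segments: var=1, log=2, remote=3, <device>=4
host_segment = 4
# "network" is an assumed index name; it must already exist on the indexers.
index = network
disabled = false
```

With this split, restarting the forwarder after a configuration change does not stop rsyslog from receiving; the forwarder resumes reading the files where it left off.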
