Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
10
Helpful
1
Replies

How do I get a GNU linux serve to injest syslog data?

Go to solution
jimmycher
Level 1
Level 1

‎10-15-2015 09:24 AM - edited ‎02-21-2020 05:36 AM

We are trying to set up Splunk, on a GNU server, running with rsyslog.   Splunk doesn't see the data, and I'm reasonably sure it is because we are not set up correctly with the rsyslog daemon.   I can't find a file anywhere that has the data from the switch.

 

I set up the switch with a VLAN1 ip of 10.10.10.1, with a default-gateway of 10.10.10.20, which is the IP address of the GNU server.  I have both logging and traps set to send to 10.10.10.20, and I'm logging to the  buffer at level 6.  The switch can ping the server, and vice versa; there is no firewall or other devices.

 

What do I need to do to the rsyslog.conf file?  and do I need to create a logging subdirectory?

Please explain in detail, that would make things more helpful.

 

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎10-15-2015 10:06 PM 

We are trying to set up Splunk, on a GNU server, running with rsyslog.   Splunk doesn't see the data, and I'm reasonably sure it is because we are not set up correctly with the rsyslog daemon.   I can't find a file anywhere that has the data from the switch.


I set up the switch with a VLAN1 ip of 10.10.10.1, with a default-gateway of 10.10.10.20, which is the IP address of the GNU server.  I have both logging and traps set to send to 10.10.10.20, and I'm logging to the  buffer at level 6.  The switch can ping the server, and vice versa; there is no firewall or other devices.


What do I need to do to the rsyslog.conf file?  and do I need to create a logging subdirectory?

Please explain in detail, that would make things more helpful.


Thanks.

Hi,

Check out the below link about  syslog configuration on server.

http://tecadmin.net/setup-centralized-logging-server-using-rsyslogd/#

Hope it Helps..

-GI

Rate if it Helps..

View solution in original post

1 Reply 1

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎10-15-2015 10:06 PM 

We are trying to set up Splunk, on a GNU server, running with rsyslog.   Splunk doesn't see the data, and I'm reasonably sure it is because we are not set up correctly with the rsyslog daemon.   I can't find a file anywhere that has the data from the switch.


I set up the switch with a VLAN1 ip of 10.10.10.1, with a default-gateway of 10.10.10.20, which is the IP address of the GNU server.  I have both logging and traps set to send to 10.10.10.20, and I'm logging to the  buffer at level 6.  The switch can ping the server, and vice versa; there is no firewall or other devices.


What do I need to do to the rsyslog.conf file?  and do I need to create a logging subdirectory?

Please explain in detail, that would make things more helpful.


Thanks.

Hi,

Check out the below link about  syslog configuration on server.

http://tecadmin.net/setup-centralized-logging-server-using-rsyslogd/#

Hope it Helps..

-GI

Rate if it Helps..

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card