10-15-2015 09:24 AM - edited 02-21-2020 05:36 AM
We are trying to set up Splunk, on a GNU server, running with rsyslog. Splunk doesn't see the data, and I'm reasonably sure it is because we are not set up correctly with the rsyslog daemon. I can't find a file anywhere that has the data from the switch.
I set up the switch with a VLAN1 IP of 10.10.10.1, with a default-gateway of 10.10.10.20, which is the IP address of the GNU server. I have both logging and traps set to send to 10.10.10.20, and I'm logging to the buffer at level 6. The switch can ping the server, and vice versa; there is no firewall or other devices.
What do I need to do to the rsyslog.conf file? And do I need to create a logging subdirectory?
Please explain in detail; that would make things more helpful.
Thanks.
10-15-2015 10:06 PM
Hi,
Check out the link below about syslog configuration on the server.
http://tecadmin.net/setup-centralized-logging-server-using-rsyslogd/#
Hope it helps.
-GI
Rate if it Helps..
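Added example, not part of the original thread or of the linked guide: a receiver configuration for the setup described in the question, written as a drop-in file for rsyslog. It assumes rsyslog v7 or later (RainerScript syntax), that the switch sends to the default UDP port 514, and a hypothetical file name `/etc/rsyslog.d/10-switch.conf` and log directory `/var/log/remote`.

```conf
# /etc/rsyslog.d/10-switch.conf  (hypothetical file name)
# Receives syslog from the switch at 10.10.10.1 and writes it to its own file.

# Load the UDP input module. Without this rsyslog only reads local
# sockets and never sees anything the switch sends.
module(load="imudp")

# Listen on UDP 514 and hand everything received to a dedicated ruleset,
# so remote messages are kept out of the server's own local log files.
input(type="imudp" port="514" ruleset="from_switch")

# One file per sending address under /var/log/remote (assumed directory).
template(name="PerHostFile" type="string"
         string="/var/log/remote/%fromhost-ip%.log")

ruleset(name="from_switch") {
    # UDP syslog is unauthenticated, so accept only the known switch
    # address from the question; anything else is discarded.
    if $fromhost-ip == '10.10.10.1' then {
        action(type="omfile"
               dynaFile="PerHostFile"
               createDirs="on"          # rsyslog creates the subdirectory
               dirCreateMode="0750"
               fileCreateMode="0640")
    }
    stop
}
```

Check the syntax with `rsyslogd -N1` and restart the rsyslog service; messages from the switch should then appear in `/var/log/remote/10.10.10.1.log`, which is the file a log collector would be pointed at.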