I've got 3 virtual servers that I would like to have send their logs to the host PC that has Splunk installed. The host and the virtual machines are all running Ubuntu.
- I installed splunk on the host pc and have configured it to accept logs from all hosts on udp port 514 with source type of syslog.
- On the clients (virtual machines), I added the following to the /etc/syslog.conf file so they can send the logs to the host machine with Splunk installed.
*.info @ip-of-host-machine
- After making the changes on the clients I restarted the log service.
sudo /etc/init.d/sysklogd restart
- When I check Splunk, I'm not getting any of the requested log files. I've tried testing from the clients with the following command:
sudo logger -p syslog.info Testing
This did append a log record to the /var/log/syslog file on the client, but splunk did not pick it up!
Any suggestions on how I can get my clients and splunk to play nice so I can get all of my logs consolidated? Thx!!
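Added diagnostic (my own example, not code from the question, from sysklogd or from Splunk): the `*.info @host` action makes sysklogd emit one RFC 3164 datagram per matching line to UDP 514, so the quickest way to find where the chain breaks is to build that same datagram by hand, fire it at the Splunk host, and catch it with a throwaway UDP listener on the host side. The script below does exactly that and also evaluates the `facility.severity` selector the way syslog.conf does, which shows why `logger -p syslog.info` is indeed matched by `*.info` (severity info or more urgent, any facility). Hostname `vm1`, the tag `logger` and the loopback port are assumptions; run `listen_once(514)` on the Splunk host with its own UDP input stopped (or pick a spare port on both sides) to see whether datagrams arrive at all, which separates a firewall or routing problem from a Splunk input problem.

```python
"""Build, send, receive and parse RFC 3164 syslog datagrams so the
client -> Splunk UDP/514 path can be checked hop by hop (added example)."""
import socket
from datetime import datetime

# Facility and severity tables from RFC 3164 (list index == numeric code).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_syslog(facility, severity, tag, msg, hostname="vm1", when=None):
    """Return the bytes sysklogd puts on the wire for one log line.
    hostname 'vm1' is an assumed sample value."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    when = when or datetime.now()
    # RFC 3164 timestamp: "Mmm dd HH:MM:SS" with a space-padded day.
    stamp = "%s %2d %s" % (when.strftime("%b"), when.day, when.strftime("%H:%M:%S"))
    return ("<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, msg)).encode()


def parse_syslog(data):
    """Split a datagram back into its fields; raises ValueError if no <PRI>."""
    text = data.decode(errors="replace")
    if not text.startswith("<") or ">" not in text:
        raise ValueError("missing <PRI> header: %r" % text[:40])
    pri, rest = text[1:].split(">", 1)
    pri = int(pri)
    stamp = rest[:15]                      # fixed-width timestamp
    hostname, tagged = rest[16:].split(" ", 1)
    tag, msg = tagged.split(": ", 1)
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "timestamp": stamp, "hostname": hostname, "tag": tag, "msg": msg}


def matches_selector(selector, facility, severity):
    """Evaluate a simple syslog.conf selector such as '*.info' or 'auth.warning'
    the way sysklogd does: the named severity and everything more urgent.
    Only the plain 'facility.severity' form is handled, not '=', '!' or 'none'."""
    fac, sev = selector.split(".")
    if fac != "*" and fac != facility:
        return False
    return SEVERITIES.index(severity) <= SEVERITIES.index(sev)


def send_syslog(data, host, port=514):
    """Fire one UDP datagram, exactly as the '@host' action does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))


def listen_once(port, timeout=5.0, host="0.0.0.0"):
    """Bind a throwaway UDP listener and return the first parsed datagram
    (plus the sender address), or None on timeout. Port 514 needs root."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        s.settimeout(timeout)
        try:
            data, peer = s.recvfrom(65535)
        except socket.timeout:
            return None
    rec = parse_syslog(data)
    rec["peer"] = peer[0]
    return rec


def loopback_roundtrip():
    """Self-check on 127.0.0.1 with an OS-chosen port: send the message that
    `logger -p syslog.info Testing` produces and parse what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        port = rx.getsockname()[1]
        send_syslog(build_syslog("syslog", "info", "logger", "Testing"), "127.0.0.1", port)
        data, _ = rx.recvfrom(65535)
    return parse_syslog(data)


if __name__ == "__main__":
    rec = loopback_roundtrip()
    print(rec)
    print("forwarded by '*.info':", matches_selector("*.info", rec["facility"], rec["severity"]))
```

If `listen_once` on the Splunk host never sees the datagram while the client's /var/log/syslog shows the line, the problem is between the boxes (host firewall, VM network mode, wrong address in syslog.conf); if it does see it, the problem is Splunk's UDP input, which must be running as a user allowed to bind port 514.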