Windows 10 and Splunk Enabling syslog UDP 514
Kamilo Amir edited this page Feb 19, 2018 · 3 revisions
- Install Splunk as Admin or with Administrator Privileges
- Once installed, enable port 514 (UDP) in Splunk
- Settings -> Data Inputs -> UDP -> Add New -> Port 514 sourcetype=syslog
- Run netstat -an and look for UDP 0.0.0.0:514 to show that Splunk is listening on port 514
- On Windows Host, make sure that the firewall is allowing UDP 514 traffic inbound
- Control Panel -> System and Security -> Windows Defender Firewall -> Allow an app through Windows Firewall -> Advanced Settings -> Inbound Rules -> New Rule... -> Port (Next) -> UDP, Specific Port 514 (Next) -> Allow the Connection (Next) -> Rule applies to Domain, Private and Public (all checked) (Next) -> Name it "Syslog" and click Finish
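The same sequence, scripted. This is an added example and not part of the original wiki page; it uses the built-in NetSecurity and NetTCPIP cmdlets that ship with Windows 10 and must be run from an elevated PowerShell prompt. The `192.168.56.0/24` range is a constructed placeholder for the hosts that are allowed to send syslog; the `-RemoteAddress` restriction is an addition over the page's wizard steps (which open the port to any source on all three profiles) and can be dropped to match the page exactly.

```powershell
# Added example (not from the wiki page): scripted equivalent of the GUI steps above.
# Run from an elevated (Administrator) prompt. Assumes Splunk is installed and its
# UDP 514 input (sourcetype=syslog) is already configured.

# 1. Inbound firewall rule matching the wizard: UDP, port 514, allow, Domain/Private/Public.
#    -RemoteAddress is an added tightening not in the page's steps; 192.168.56.0/24 is a
#    constructed placeholder for the senders you actually expect.
New-NetFirewallRule -DisplayName "Syslog" `
    -Direction Inbound `
    -Protocol UDP `
    -LocalPort 514 `
    -Action Allow `
    -Profile Domain, Private, Public `
    -RemoteAddress 192.168.56.0/24

# 2. Confirm something is bound to UDP 514 (the cmdlet equivalent of checking
#    "netstat -an" for UDP 0.0.0.0:514), and show which process owns the socket
#    so you can verify it is splunkd and not something else.
Get-NetUDPEndpoint -LocalPort 514 |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 3. Send a single RFC 3164-style test message (constructed payload) to the listener,
#    a minimal stand-in for the syslog-generator script referenced on this page.
$target = '127.0.0.1'                 # use the Windows 10 Pro box's IP when sending from another host
$pri    = 134                          # facility local0 (16 * 8) + severity informational (6)
$stamp  = (Get-Date).ToString('MMM dd HH:mm:ss')   # approximate RFC 3164 timestamp layout
$msg    = "<$pri>$stamp $env:COMPUTERNAME splunk-test: UDP 514 reachability check"
$udp    = New-Object System.Net.Sockets.UdpClient
$bytes  = [System.Text.Encoding]::ASCII.GetBytes($msg)
$udp.Send($bytes, $bytes.Length, $target, 514) | Out-Null
$udp.Close()

# 4. In Splunk, confirm arrival with:  index=* sourcetype=syslog "splunk-test"
```

Step 2 is the check worth keeping: UDP has no handshake, so a sender gets no error when nothing is listening or when the firewall silently drops the datagram, and the only reliable signals are the bound socket on the Splunk host and the event showing up in a search.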
- Windows 10 Pro (Build 16299) / Windows 10 Home (Build 16299)
- Hypervisor: Oracle VirtualBox, Bridged Adapter (directly attached NIC)
- syslog test script: https://github.com/dbough/syslog-generator
Set up Splunk on the Windows 10 Pro server and configured it to listen on UDP 514. Ran netstat -an and saw UDP 0.0.0.0:514 listening. Sent test messages using the script to the Windows 10 Pro box.