I am not very network savvy. Trying to get my home router to syslog to Splunk to look at connection info in the Home Monitor app.
I can see events in the bandwidth_test sourcetype, so I know that I have the app running .
If I go to settings|Data inputs|UDP, I can see UDP port 514 enabled with source type RT-N66U
And in Windows Firewall, I can see that I have created an inbound rule called Splunk Syslog, which allows local port UDP 514, and remote port: all ports
On my RT-N66U router I have set remote log server to my Splunk install's IP address.
But in app, I see no logs and in the search app, I do not see events from syslog or RT-N66U or asus.
I tried running netstat -p UDP, that returns nothing. netstat -p TCP does return a lot of high ports and 8000, 8191 (I think these are the Splunk app)
Any clues/advise on what I am missing?
↧