I am trying to send my traffic logs to an install of Splunk on my workstation.
I think that this is supposed to work:
Logging
Remote Log Server: 192.168.1.19 (my desktop, wifi)
Default message log level: info
Log only messages more urgent than: all
Created a rule on my Windows firewall "Allow syslog in" allowing UDP 514 inbound
But nothing goes to my workstation. I pulled up Wireshark and set a filter of udp.port==514. I can see a bunch of Syslog events with DAEMON.INFO ... DHCP, but no traffic logs. None of it gets into Splunk either (that is a workstation problem). But what do I do to get the Remote logging to include traffic logs?