Configuration

Configure Splunk

• Configure a new index (e.g. pinsafe) for the new logs
• Configure inputs

Receiving syslogs on Splunk

NOTE: Its recommended to use a separate and dedicated syslog solution (e.g. rsyslog, syslog-ng, etc).

• Configure new TCP port (e.g. 514) pointing to the new index using the “pinsafe” sourcetype

[udp://<ip_address>:<port>]
connection_host = ip
index = pinsafe
sourcetype = pinsafe
disabled = 0

Monitoring log files

• Configure a new file monitor input pointing to the new index using the “pinsafe” sourcetype