I’m working on getting Splunk up and running again at work. Going through syslog can be such a pain and I like how I can save my “Splunks” and run them with a click of a button.
Splunk is simple to set up with just a few quick commands on Linux. I didn’t spend any time searching for .deb files (I’m running Ubuntu 6.06 LTS) and just downloaded the Debian package from Splunk directly.
After the simple installation of the free version, which supports 500MB of syslog per day, I pointed my new Cisco switch and Wireless LAN Controller at my Splunk server. Voila, within minutes I was already receiving messages.
So hot.
3 comments
Just curious, what Splunks have you created for your Wireless LAN controller? I added our Cisco WCS to Splunk, but haven’t created any custom splunks for it yet.
I’ve only created one for Radius server errors so far. That way I can easily tell if unauthorized users are trying to access the network.
I haven’t configured any other splunks yet because my environment is pretty small so far.
Well, I just installed it and so far I like it. We’ll probably do the same with our radius servers.