how to configure splunk with Bigfix, how to configure syslog connector in Bigfix
Are you asking how to install the Splunk Forwarders with IEM/Bigfix?
Or are you asking how to connect Splunk to Bigfix?
I’m also curious about using Splunk to gather and report on BigFix infrastructure logs.
I have never used it, and I’m not certain what it does, but there is this: https://apps.splunk.com/app/407/
Also an analysis for reporting on Splunk Config: http://bigfix.me/analysis/details/2994522
Thanks for your replies, i have running splunk application in the current environment , just want to know how bigfix application redirect its logs to splunk via syslog connector?
1 Like
We use Splunk for all manner of things, but I haven’t thought of having it harvest from BigFix. What are the things y’all would solve by this?
how to configure BigFix syslog connector for splunk
So after tangling with that app for a few months I can tell you a couple things about it (at least from the perspective of our environment).
- It was built and configured to work with BigFix version 7.0 and support is spotty at best for it.
- If your BigFix server is not ready to handle the requests from the Python scripts that collect the data from web reports using the SOAP API, it can cause other reporting from the Web Reports to be very late because it’s dealing with the requests from Splunk.
- The current Python scripts that were shipped with the app (at least in my environment) treated all the information it received from BigFix as an error and thus did not index it at all even though it was the information being requested.
I’ve re-installed the app a dozen times and gone through Splunk support who basically confirmed what I had already stated was an issue. Their concern was the index that was being created didn’t take in any information but we re-created that a couple different ways and still no success.
As for the Syslog connector, the app page says that IBM has this component but I have searched for it and have yet to find a link to it anywhere from IBM or the BigFix team. All I can say now is that app really pushes my buttons.
/rant
1 Like
I am trying to implement this as well. Has anyone made any progress in getting syslogs from Bigfix?
So after not looking at the app for a couple months because it made my blood boil, it looks like it started pulling in the data that it was configured to grab. I’m not sure what my other team members have done recently to make it work because I none of them had touched it for a while but all of sudden, a little over a month ago, it started working.
I scheduled the python scripts to run and they worked as well. There is some pruning that may need to be done to ensure that the data you’re trying to grab actually exists in your deployment but the app does seem to work.
As for the syslog connector, my statement above stands.
Where are the syslogs actually located?
1 Like
Related:
- Syslog Connector? Splunk
- http://answers.splunk.com/answers/9371/anyone-implement-splunk-for-bigfix-app.html
- http://answers.splunk.com/answers/155477/ibm-bigfix-soap-api-via-connector-to-splunk-assistance-required-please.html
- http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/t_logsource_TEMprotocol.html