Configuration on ESKM

  1. Log in to ESKM.

  2. Click the Device tab and click the Log Configuration link under the Logs & Statistics section.

  3. Click the Edit button under the Syslog Settings table.

  4. Select the checkboxes under the Enable Syslog column for the logs that need to be displayed in Splunk.

  5. In the Syslog Server #1 IP column, enter the IP address of the machine where Syslog and Splunk Universal Forwarder are installed. In the Syslog Server #1 Port column, enter the port number (default: 514).

  6. Click the Save button.

Figure: Syslog Settings