We're trying to set up some test monitoring of a VMware ESX host (not ESXi). Because our Splunk instance does not run as root, I set up the UDP listener port to be something above 1024.
However, I'm not able to find anything about syslog configuration on an ESX server that shows how one might configure it to send to a remote syslog host on any port other than 514. So I don't know if it just won't work or not (the VMware is going to try something I suggested in that regard tomorrow), but I'm not all that hopeful.
So if I have to enable a UDP listener in Splunk on port 514, I assume that means I would now have to find a way to run Splunk as root rather than the non-privileged user I'm doing this as now?
This becomes an issue because my team, who administer Splunk, are not the corporate sysadmins and as such are not given root privileges.
asked 09 Nov '10, 22:07
Would running a service such as
I suspect there could be a way to do this with some kind of local firewall trick. You may be able to set up
answered 09 Nov '10, 23:22