If your organization has a Splunk server deployed, you can automatically forward your VidyoRoom logs to that server.
Caution: You understand and acknowledge that Splunk forwarder is a third party software and Vidyo will have no liability for any failures, corruption or loss of data and/or information caused to your devices or systems as a result of the implementation or use of Splunk forwarder by you.
By enabling this feature, you are warranting that you have permission to use the Splunk Enterprise instance which listens at the configured IP address and you agree to assume all risks and all costs associated with your use of any Splunk software or service.
Further, you understand that unauthorized access to the Splunk Enterprise system may allow unauthorized actors to gather metadata (participant lists, time/date, phone numbers, etc.) about conferences in which your VidyoRoom systems have participated. This feature is being provided on an “AS IS” and “AS AVAILABLE” basis and Vidyo is not obligated to provide any maintenance, technical or other support for any Splunk software or service.
The following sourcetypes are used when setting up the Splunk forwarder:
The vidyodesktop sourcetype requires additional changes to the props.conf file on the Splunk server. Make direct changes to the file or use the Splunk Server UI as follows:
- MAX_TIMESTAMP_LOOKAHEAD = 20
- NO_BINARY_CHECK = true
- TIME_FORMAT = %m-%d %H:%M:%S.%3N
- Category = Custom
- Pulldown_type = 1
Restart Splunk or use debug refresh if making direct changes to the props.conf file.
The creation of the vidyodesktop sourcetype on the Splunk server must be done before starting a Splunk forwarder. If this is not done, the events from the vidyodesktop sourcetype may have incorrect time extraction. The other sourcetypes can be auto-created by Splunk and everything will work seamlessly.
If any of these sourcetypes have been configured already on the Splunk server, the Splunk server may extract or index in the information in an unexpected manner. For example, if the TIME_FORMAT for the sourcetype does not match the time format of the file we are monitoring, the time may be extracted incorrectly. Currently, we do not have an option for the user to be able to customize the name of the sourcetype on the Splunk forwarder.
Lastly, delete any older log files prior to enabling the Splunk forwarder; otherwise, there will be a delay in syncing new log files with the server.
To enable the Splunk forwarder:
- Click the Logs tab.
- Click the blue triangle next to the words Splunk Forwarder to view the Splunk Forwarder settings if needed.
- Select the Enable Splunk Forwarder checkbox.
In order for the Splunk forwarder to work correctly, your VidyoRoom system hostname must be set to a unique value. For information about how to set the hostname, see Configuring the Network Settings.
- Enter which index on the Splunk server you want to send the logs to for analysis in the Index
For more information about who to properly configure the values for your Splunk forwarder, refer to the Splunk documentation at http://docs.splunk.com/Documentation/Forwarder/6.4.3/Forwarder/Configuretheuniversalforwarder.
- Enter the IP address or the hostname of the Splunk server in the Server Address field.
- Enter the listening port of the Splunk Server in the Server Port field.
- Select the Enable SSL checkbox if you want to encrypt the log data that you are sending to the server.
- Enter the password for the RSA private key contained in the server certificate file in the Certificate Password field.
- Upload a new root Certificate Authority file if necessary:
- Click Choose File and choose the .crt file that you want to upload.
- Click Upload Root CA.
- Upload a new Certificate file if necessary:
- Click Choose File and choose the .pem file that you want to upload.
- Click Upload Certificate.
- Click Save.