
Integrating Audit/Logging with Splunk

Question asked by hocmo01 Employee on Apr 10, 2018

I am attempting to off-box log and audit messages to Splunk using the Splunk Logging Driver for Docker, e.g., I added this configuration to the MGW docker-compose yml:

logging:
  driver: splunk
  options:
    splunk-token: "<splunk token>"
    splunk-url: "<splunk url>"
    splunk-insecureskipverify: "true"

This method uses the HTTP Event Collector feature of Splunk. An access token is defined within Splunk and used to gain access to the Splunk HTTP(S) endpoint from the Docker container.

The MGW Docker container builds successfully (connecting to the Splunk instance successfully), but no requests (log messages) are seen on the Splunk instance. I have tried manipulating the log and audit levels of the MGW, but this has no effect.

Not sure how to resolve this. Any suggestions are appreciated.
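An added sanity check for a compose `logging:` block like the one in the question (example code written for this page, not from the original post, the MGW project, or Docker). It inspects the options the Docker splunk logging driver documents, derives the HTTP Event Collector request the driver issues (it POSTs to `/services/collector/event/1.0` under `splunk-url` with an `Authorization: Splunk <token>` header), and flags a placeholder URL or token, a URL that carries a path, and a disabled TLS check before the container is brought up. The GUID shape assumed for HEC tokens and the hostnames, index name and CA path in the sample configs are constructed for the example.

```python
"""Check a docker-compose `logging:` block for the Docker splunk logging driver.

Added example, not code from the original post. It only uses option names
the driver documents and the HEC event endpoint the driver posts to.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Option names accepted by Docker's splunk logging driver.
KNOWN_OPTIONS = {
    "splunk-token", "splunk-url", "splunk-source", "splunk-sourcetype",
    "splunk-index", "splunk-capath", "splunk-caname",
    "splunk-insecureskipverify", "splunk-format", "splunk-verify-connection",
    "splunk-gzip", "splunk-gzip-level", "tag", "labels", "env", "env-regex",
}
# HEC event endpoint the driver appends to splunk-url.
HEC_EVENT_PATH = "/services/collector/event/1.0"
# Assumption for this example: HEC tokens are issued as GUIDs.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Mirrors the compose fragment in the question, placeholders included (constructed).
POSTED_CONFIG = {
    "driver": "splunk",
    "options": {
        "splunk-token": "<splunk token>",
        "splunk-url": "<splunk url>",
        "splunk-insecureskipverify": "true",
    },
}
# Constructed values for a hardened block: scheme and port present, CA pinned,
# TLS verification left on. Not a real instance.
HARDENED_CONFIG = {
    "driver": "splunk",
    "options": {
        "splunk-token": "00000000-1111-2222-3333-444444444444",
        "splunk-url": "https://splunk.example.internal:8088",
        "splunk-index": "mgw",
        "splunk-capath": "/etc/ssl/certs/splunk-ca.pem",
    },
}


def check_splunk_logging(logging_block: Dict) -> List[str]:
    """Return findings for a compose logging block; an empty list means nothing suspicious."""
    findings: List[str] = []
    if logging_block.get("driver") != "splunk":
        findings.append("driver is not 'splunk'")
    opts = logging_block.get("options") or {}
    for key in opts:
        if key not in KNOWN_OPTIONS:
            findings.append(f"unknown option {key!r} (typo? the driver will reject it)")

    url = str(opts.get("splunk-url", ""))
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        findings.append(f"splunk-url {url!r} needs scheme, host and HEC port, "
                        "e.g. https://splunk.example.internal:8088")
    else:
        if parsed.scheme == "http":
            findings.append("splunk-url uses plain http: the HEC token travels in clear text")
        if parsed.path.strip("/") or parsed.query:
            findings.append("splunk-url must not carry a path or query; "
                            f"the driver appends {HEC_EVENT_PATH} itself")

    token = str(opts.get("splunk-token", ""))
    if not token or token.startswith("<"):
        findings.append("splunk-token is missing or still a placeholder")
    elif not TOKEN_RE.match(token):
        findings.append("splunk-token does not look like a HEC token (GUID)")

    if str(opts.get("splunk-insecureskipverify", "false")).lower() == "true":
        findings.append("splunk-insecureskipverify=true disables certificate checks; "
                        "prefer splunk-capath/splunk-caname with a trusted CA")
    return findings


def hec_request(opts: Dict) -> Tuple[str, Dict[str, str]]:
    """URL and headers the driver sends to HEC; handy to replay with curl when no events arrive."""
    url = str(opts["splunk-url"]).rstrip("/") + HEC_EVENT_PATH
    headers = {
        "Authorization": "Splunk " + str(opts["splunk-token"]),
        "Content-Type": "application/json",
    }
    return url, headers


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_splunk_logging(cfg) or "OK")
    print(hec_request(HARDENED_CONFIG["options"]))
```

When the driver reports a successful connection at start-up but Splunk shows nothing, replaying the derived URL and headers with a one-event JSON body (`{"event": "test"}`) separates a token or index problem on the Splunk side from a container-side logging-level problem.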
