Configuring Data Inputs
Data inputs configuration depends on your SIEM infrastructure. Veeam App for Splunk supports the following architectures:
- Splunk acts as a receiver — receives data from Veeam Backup & Replication through the forwarder installed on the intermediate syslog server.
- Splunk acts as a forwarder — receives data directly from Veeam Backup & Replication and forwards it to another Splunk instance, syslog server, or third-party solution.
- Splunk acts as the only syslog server — receives data directly from Veeam Backup & Replication.
To configure data inputs, specify the veeam_vbr_syslog source type. For other settings, follow recommendations from Splunk documentation:
- Get data from TCP and UDP ports for Splunk Enterprise
- Get data from TCP and UDP ports for Splunk Cloud Platform
Important |
To display data correctly, the format of syslog messages sent to Splunk must be the same as on Veeam Backup & Replication. For more information, see Specifying Syslog Servers in the Veeam Backup & Replication User Guide. |