Configuring Data Inputs
Data inputs configuration depends on your SIEM infrastructure. Veeam App for Splunk supports the following architectures:
- Splunk acts as a receiver — receives data from Veeam Backup & Replication and Veeam ONE through the forwarder installed on the intermediate syslog server.
- Splunk acts as a forwarder — receives data directly from Veeam Backup & Replication and Veeam ONE and forwards it to another Splunk instance, syslog server, or third-party solution.
- Splunk acts as the only syslog server — receives data directly from Veeam Backup & Replication and Veeam ONE.
To configure data inputs, specify the veeam_vbr_syslog source type. For other settings, follow recommendations from Splunk documentation:
- Get data from TCP and UDP ports for Splunk Enterprise
- Get data from TCP and UDP ports for Splunk Cloud Platform
Important |
To display data correctly, the format of syslog messages sent to Splunk must be the same as on Veeam Backup & Replication and Veeam ONE. For more information, see the following sections:
|