From Splunk Wiki
How to get Novell Netware Log Data in to Splunk
Novell NetWare does not come with build-in syslog client functionality. However, with some external help Novell log files can be eaten by Splunk
The key point to know is that Novell NetWare stores log information in plain text file like sys$log.err, vol$log.err and tts$log.err. These files are accessible from any system that can connect to the NetWare file server.
So we can use Splunk’s file monitor to read this log files. To do this, you just need to follow these steps:
- Setup a Windows Server or Workstation and install Splunk Forwarder on it
- Configure a Splunk Forwarder to send events to a Splunk that is indexing.
- Make sure it can access the Novell NetWare file system (this means has a NetWare client installed). Use the UNC path name as in “\\servername\full\path\to\resource”
- Configure Splunk Forwarder to monitor the location of those files mentioned above.