Skip to main content
Code42 Support

Code42 environment logs as data sources for Splunk Enterprise

Applies to:
  • Code42 CrashPlan (previously CrashPlan PROe)

Overview

This tutorial explains how to send log files from Code42 servers or devices to a Splunk Enterprise server.

For additional details about configuring Splunk, see Splunk's documentation.

You can also use the Code42 app for Splunk to display Code42 data in Splunk Enterprise. 

Before you begin

  1. Install and configure Splunk Enterprise for use with your Code42 environment.
  2. In your Splunk Enterprise configuration, configure Splunk Enterprise to receive data from your forwarder.

Code42 app for Splunk
Install the Code42 app for Splunk for easier integration of your Code42 environment with Splunk Enterprise. The Code42 app for Splunk provides visibility into your Code42 environment for the purposes of capacity planning, performance monitoring, security monitoring, and user management.

Step 1: Send logs to Splunk Enterprise

We recommend using one of two options to send logs to Splunk Enterprise:

Tool Recommended For Not Recommended For
Splunk Universal Forwarder
  • Code42 servers
  • Devices
Managed appliances
syslog

Code42 servers, including managed appliances

Devices

Option 1: Send logs via the Splunk Universal Forwarder

The Splunk Universal Forwarder sends data from a Code42 server or a device in your Code42 environment to your Splunk Enterprise server.

For each Code42 server and device, set up the Splunk Universal Forwarder. The installation process follows this general outline:

  1. Download and install the Splunk Universal Forwarder on the Code42 server or device that contains the logs you wish to forward.
  2. Configure the Splunk Universal Forwarder to target your Splunk Enterprise server.
  3. Configure the Splunk Universal Forwarder to monitor log files on your Code42 server or device.
    See Code42 Log Locations below for a list of log directories.
  4. Start the Splunk Universal Forwarder.

Splunk supports many installation options and procedures, so we recommend that you thoroughly review Splunk's installation instructions.

Option 2: Send logs via syslog

You can use syslog to forward data from a Code42 server to Splunk Enterprise.

Managed Private Cloud customers
Contact your Code42 PRO Services representative to implement this solution on your managed appliances.

Step 1: Add a UDP data source for syslog

Configure Splunk Enterprise to accept data from a UDP source.

Step 2: Configure your Code42 server

Configure your Code42 server to send log data to Splunk Enterprise via syslog:

Alternative commands
The example commands shown here apply to all your Code42 servers. For more information on configuring system properties, including alternative parameters that target individual Code42 servers, refer to Administration console command-line interface.
  1. Sign in to your administration console.
  2. Double-click the Code42 logo to open the administration console command-line interface.
  3. Enter the following commands, adapted to your syslog configuration, to configure syslog communication:
    prop.set c42.log.syslog.v1.host localhost save all
    prop.set c42.log.syslog.v1.facility LOCAL0 save all
    
  4. Enter the following commands to enable syslog for each log.
    Replace true with false to disable syslog for each log.
    • com_backup42_app.log
      prop.set c42.log.syslog.v1.root.enabled true save all
      
    • history.log
      prop.set c42.log.syslog.v1.history.enabled true save all
      
    • rest.log
      prop.set c42.log.syslog.v1.rest.enabled true save all 
  5. Restart all Code42 servers in your Code42 environment.
    1. Navigate to Destinations > Servers in the administration console.
    2. For each Code42 server:
      1. Select the Code42 server to view its details.
      2. Click action menu > Restart Server to immediately restart the Code42 server.

Step 2: Verify that log data is collected

In your Splunk Search dashboard, view your Data Summary to verify that data from your Code42 environment is transmitting to Splunk Enterprise.

Splunk Forwarder syslog data

Next steps

Once Splunk Enterprise is monitoring log files from your Code42 environment, you can search and visualize the data using the techniques described in Analyzing Data With Splunk And The Code42 API.

Code42 log locations

Code42 server

Server Logs

  • Linux: /var/log/proserver
    Applies to Code42 servers installed as root on Ubuntu
  • Windows: C:\Program Files\CrashPlan PROe Server\logs
  • OS X: /Library/Logs/PROServer

Requested CrashPlan app Logs

  • Linux: /var/opt/proserver/client-logs
    Applies to Code42 servers installed as root on Ubuntu
  • Windows: C:\Program Files\CrashPlan PROe Server\client-logs
  • OS X: /Library/Logs/PROServer/client-logs

Code42 CrashPlan app

Service Logs

  • Windows Vista, 7, 8, 10, Server 2008, and Server 2012: C:\ProgramData\CrashPlan\log
    To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
  • Windows XP: C:\Documents and Settings\All Users\Application Data\CrashPlan\log
    To view this hidden folder, open a file browser and paste the path in the address bar.
  • OS X: /Library/Logs/CrashPlan
    If you installed per user, see the file and folder hierarchy.
  • Linux: /usr/local/crashplan/log

UI Log Files

  • Windows Vista, 7, 8, 10, Server 2008, and Server 2012: C:\ProgramData\CrashPlan\log
    To view this hidden folder, open a file browser and paste the path in the address bar. If you installed per user, see the file and folder hierarchy.
  • Windows XP: C:\Documents and Settings\All Users\Application Data\CrashPlan\log
    To view this hidden folder, open a file browser and paste the path in the address bar.
  • OS X: ~/Library/Logs/CrashPlan
    To view this hidden folder, open the Finder, press Command-Shift-G, and paste the path.
  • Linux: /usr/local/crashplan/log