I have configured the ASA to syslog directly to my splunk server(low volume) and I have set up to receive syslog on UDP 514.
However, I am not getting any data, the Cisco ASA app is not picking it up, etc.
I believe I have everything set up according to the documentation.
I have also searched the community, and the solutions provided have not seemed to help.
A kick in the right direction would be appreciated.
Thanks!
Are you sure that you are getting the syslog messages? Can you confirm it via a tcpdump or snoop? If the forwarder is reading port 514, then I beleive that it needs to run as root.