I need to configure Firewalls for the required ports in order to forward syslog traffic from my syslog server that I'm installing forwarder on to Splunk. Does the forwarder use the defaul syslog "514/UDP" port?
Thanks!
A forwarder is able to listen on udp/514, it's just up to you to define the network ports on which you'd like your forwarder to listen.
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports
A forwarder is able to listen on udp/514, it's just up to you to define the network ports on which you'd like your forwarder to listen.
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports
By default though, traffic from a Splunk forwarder to another Splunk instance (indexer or intermediate forwarder) commonly uses TCP/9997 as port.