Getting Data In

Universal Forwarder port requirements to forward syslog traffic

ashafiee
Explorer

I need to configure Firewalls for the required ports in order to forward syslog traffic from my syslog server that I'm installing forwarder on to Splunk. Does the forwarder use the defaul syslog "514/UDP" port?
Thanks!

Tags (1)
1 Solution

jbsplunk
Splunk Employee
Splunk Employee

A forwarder is able to listen on udp/514, it's just up to you to define the network ports on which you'd like your forwarder to listen.

http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

View solution in original post

jbsplunk
Splunk Employee
Splunk Employee

A forwarder is able to listen on udp/514, it's just up to you to define the network ports on which you'd like your forwarder to listen.

http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

Ayn
Legend

By default though, traffic from a Splunk forwarder to another Splunk instance (indexer or intermediate forwarder) commonly uses TCP/9997 as port.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...