You can have Splunk listen for this data like this:
Manager -> Data inputs -> TCP -> Add new
Choose a TCP port, allow all hosts or restrict to a single host.
Set sourcetype to syslog on the bottom drop list.
If you want to point it at the non-default index, choose More settings and pick an index.
Click save and make sure your network and host firewalls allow the traffic.
The port number is the one you defined yourself in the inputs.conf of your indexer (or using the manager).
See http://docs.splunk.com/Documentation/Splunk/5.0.4/admin/Inputsconf
Usually syslog servers use 514 UDP, but you can specify any port.
Hi,
Could you tell me the TCP port number for the same?
Please mark Answered if this does solve your issue, too. Thanks 🙂
Yes, you must tell the CentOS machine to send logs off host. Assuming it is rsyslog, read these docs:
http://www.rsyslog.com/doc/rsyslog_reliable_forwarding.html
You could also set the Splunk Data input as UDP not TCP and use this method:
http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
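Putting both halves together, the Splunk TCP input from the first answer and the rsyslog forwarding from this one, as an added example that is not from any poster in this thread. The addresses 192.0.2.10 (indexer) and 192.0.2.20 (CentOS host), port 1514, the index name and the queue file name are assumptions; comments are on their own lines because neither Splunk nor legacy rsyslog config reliably accepts inline comments.

```ini
# --- Splunk indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# What Manager -> Data inputs -> TCP -> Add new writes when you restrict the
# input to a single host. Port 1514 is a constructed choice; ports below 1024
# would require the indexer to run as root.
[tcp://192.0.2.20:1514]
sourcetype = syslog
# Assumed non-default index; drop this line to use the default index.
index = centos_syslog
# Record the sending host's name (ip, dns or none), not the indexer's.
connection_host = dns

# --- CentOS sender: /etc/rsyslog.d/splunk.conf (legacy rsyslog syntax) ---
# Disk-assisted queue in front of the forwarding action, as in the reliable
# forwarding document: messages are spooled under $WorkDirectory while the
# Splunk listener is down instead of being dropped. The $ActionQueue* lines
# apply only to the action that follows them.
$ActionQueueType LinkedList
$ActionQueueFileName splunkfwd
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
# @@ forwards over TCP; a single @ would forward over UDP (the second link).
*.* @@192.0.2.10:1514
```

After restarting rsyslog, `logger -t fwdtest "hello"` on the CentOS host should appear in Splunk under `sourcetype=syslog` with `host` set to the sender.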
Thanks. Do I have to do any configuration on the CentOS server side to point it to the Splunk server?