CentOS 6 server Syslog forwording to Splunk serve...

heykumaran · ‎07-11-2013

Hello,

How can i forward syslog from one of our servers (CentOS 6.3) to Splunk Server (Windows 2012). Please help me

Thanks

jtrucks · ‎07-11-2013

You can have Splunk listen for this data like this:

Manager -> Data inputs -> TCP -> Add new

Choose a TCP port, allow all hosts or restrict to a single host.
Set sourcetype to syslog on the bottom drop list.

If you want to point it at the non-default index, choose More settings and pick an index.

Click save and make sure your network and host firewalls allow the traffic.

--
Jesse Trucks
Minister of Magic

yannK · ‎08-16-2013

The port number is the on you defined yourself in the inputs.conf of your indexer. (or using the manager).

usually syslog servers use 514 UDP, but you can specify any.

nilesh8 · ‎08-16-2013

Hi,

Could you tell TCP port number for the same.

jtrucks · ‎07-11-2013

Please mark Answered if this does solve your issue, too. thanks 🙂

--
Jesse Trucks
Minister of Magic

jtrucks · ‎07-11-2013

Yes, you must tell the CentOS machine to send logs off host. Assuming it is rsyslog, read these docs:

You could, also, set the Splunk Data input as UDP not TCP and use this method:

--
Jesse Trucks
Minister of Magic

heykumaran · ‎07-11-2013

Thanks..do i have to do any configuration in CentOS Server side to point to Splunk server

CentOS 6 server Syslog forwording to Splunk server