Syslog will allow you to collect logs which your linux host is managing via syslog.
Any additional log locations will need to be configured on the linux host in question - and syslog can get a bit complex if it is monitoring large numbers of files.
A Splunk forwarder can collect any number of files from the system (permissions dependant) including the messages file which you are probably already collecting via syslog, but with the benefit you can manage which files get indexed from a central location.
When you have more than a few hosts, this is a significant benefit.
Additionally - Logs sent by a uf will survive network interruptions, reboots (client or server) ans allow you to easily configure limits, loadbalancing and failover. Conversely, syslog messages sent whist the server is rebooting, or down are lost!
If my comment helps, please give it a thumbs up!
