Hi,
I've tried everything. I have read all the answers and docs. I cannot force the Splunk indexer to forward all events to a syslog server. I even tried to look at tcpdump output and there is no trace of communication on the desired port.
Config is simple - UniversalForwarder (Windows Events) -> Splunk Indexer (Linux) -> Syslog (Linux). UF to SI works, SI to Syslog not. tcpdump on SI is not showing any outbound communication to syslog.
outputs.conf from SI - 192.168.9.22 is IP of Syslog
[syslog]
defaultGroup = mysyslog
[syslog:mysyslog]
server = 192.168.9.22:514
type = udp
I don't want to filter anything so I'm not using props.conf and transforms.conf - but with them the situation is the same - no communication between SI and Syslog.
Maybe I have some component disabled or something? I have tried this config on both Linux and Windows (all version 4.3) and no luck.
Does anyone have working config files to share? Any ideas?
Thanks,
Alex
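As an added example (not from the post and not Splunk's own tooling), a small Python check that parses the outputs.conf above the way its stanzas chain together (defaultGroup -> [syslog:<name>] -> server/type) and can emit one test datagram at the resolved target, so a tcpdump on the indexer shows whether the network path itself is open independently of Splunk. The config text is embedded as a constructed copy of the stanzas in the post.

```python
import configparser
import socket
from datetime import datetime

# Constructed copy of the outputs.conf shown in the post (normally read from disk).
OUTPUTS_CONF = """
[syslog]
defaultGroup = mysyslog
[syslog:mysyslog]
server = 192.168.9.22:514
type = udp
"""


def resolve_syslog_target(conf_text):
    """Follow [syslog] defaultGroup to its [syslog:<group>] stanza and return
    (host, port, proto); raise ValueError naming whatever link is broken."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case so 'defaultGroup' is matched as written
    cp.read_string(conf_text)
    if "syslog" not in cp or "defaultGroup" not in cp["syslog"]:
        raise ValueError("no [syslog] stanza with a defaultGroup setting")
    group = cp["syslog"]["defaultGroup"].strip()
    stanza = f"syslog:{group}"
    if stanza not in cp:
        raise ValueError(f"defaultGroup points at missing stanza [{stanza}]")
    server = cp[stanza].get("server", "")
    if ":" not in server:
        raise ValueError(f"[{stanza}] server must be host:port, got {server!r}")
    host, port = server.rsplit(":", 1)
    proto = cp[stanza].get("type", "udp").strip().lower()
    if proto not in ("udp", "tcp"):
        raise ValueError(f"[{stanza}] type must be udp or tcp, got {proto!r}")
    return host, int(port), proto


def send_probe(host, port, proto, msg="outputs.conf path probe"):
    """Send one RFC 3164-style line (PRI 14 = user.info) to the target and return
    the byte count sent; watch for it with tcpdump on the sending host."""
    stamp = datetime.now().strftime("%b %d %H:%M:%S")
    line = f"<14>{stamp} {socket.gethostname()} probe: {msg}\n".encode()
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(3)
        if proto == "udp":
            return s.sendto(line, (host, port))
        s.connect((host, port))
        s.sendall(line)
        return len(line)


if __name__ == "__main__":
    target = resolve_syslog_target(OUTPUTS_CONF)
    print("resolved target:", target)
    print("bytes sent:", send_probe(*target))
```

If the probe shows up in tcpdump but Splunk's own traffic never does, the network path is fine and the problem lies in how the indexer is routing data to the syslog output.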