Trying out SC4S - not seeing my syslog come through to Splunk

Installed, all running docker - no firewalls or selinux.

syslog hitting server running sc4s:

tcpdump -i eth0 dst port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:24:24.962899 IP x.x.x.x.bob.com.38897 > 197-202-166-108-dedicated.multacom.com.syslog: SYSLOG local0.warning, length: 273

Docker seems to be running fine - I receive HEC TEST EVENTs and startup events in Splunk:

sc4s version=v1.47.3

sc4s logs:

[root@bob system]# docker logs SC4S
'/etc/syslog-ng/local_config/destinations/README.md' -> '/etc/syslog-ng/conf.d/local/config/destinations/README.md'
'/etc/syslog-ng/local_config/filters/README.md' -> '/etc/syslog-ng/conf.d/local/config/filters/README.md'
'/etc/syslog-ng/local_config/filters/example.conf' -> '/etc/syslog-ng/conf.d/local/config/filters/example.conf'
'/etc/syslog-ng/local_config/log_paths/README.md' -> '/etc/syslog-ng/conf.d/local/config/log_paths/README.md'
'/etc/syslog-ng/local_config/log_paths/lp-example.conf.tmpl' -> '/etc/syslog-ng/conf.d/local/config/log_paths/lp-example.conf.tmpl'
'/etc/syslog-ng/local_config/sources/README.md' -> '/etc/syslog-ng/conf.d/local/config/sources/README.md'
SC4S_ENV_CHECK_HEC: Splunk HEC connection test successful; checking indexes...
SC4S_ENV_CHECK_INDEX: Checking email {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking epav {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking epintel {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking epintelexit {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking fireeye {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking infraops {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking main {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netauth {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netdlp {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netdns {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netfw {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netids {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netipam {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netops {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netproxy {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking netwaf {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking osnix {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking oswin {"text":"Success","code":0}
SC4S_ENV_CHECK_INDEX: Checking oswinsec {"text":"Success","code":0}
syslog-ng checking config
sc4s version=v1.47.3
starting goss
starting syslog-ng