Syslog is typically sent via UDP, not TCP.
I would try doing a wireshark dump on the server to check that you're not sending the SYSLOG to UDP instead of TCP.
We're doing SYSLOG collection on our monitoring system (which then commits data to Splunk), and discussed sending this into Splunk, but the problem is that SYSLOG is UDP; It's a fire-and-forget protocol, so there would be no assurance for having the data. This is why typically installing the Universial Forwarder directly on the machine you want to collect data from is a better idea. (-:
Cheers.
... View more