<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic How can I keep Syslog from reading and storing data? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/How-can-I-keep-Syslog-from-reading-and-storing-data/m-p/614820#M106366</link>
    <description>&lt;P&gt;&lt;SPAN&gt;In syslog-ng, I don’t want to read the data and store the data. How do you do that?&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 27 Sep 2022 20:54:49 GMT</pubDate>
    <dc:creator>Rah</dc:creator>
    <dc:date>2022-09-27T20:54:49Z</dc:date>
    <item>
      <title>How can I keep Syslog from reading and storing data?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-can-I-keep-Syslog-from-reading-and-storing-data/m-p/614820#M106366</link>
      <description>&lt;P&gt;&lt;SPAN&gt;In syslog-ng, I don’t want to read the data and store the data. How do you do that?&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 27 Sep 2022 20:54:49 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-can-I-keep-Syslog-from-reading-and-storing-data/m-p/614820#M106366</guid>
      <dc:creator>Rah</dc:creator>
      <dc:date>2022-09-27T20:54:49Z</dc:date>
    </item>
    <item>
      <title>Re: How can I keep Syslog from reading and storing data?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-can-I-keep-Syslog-from-reading-and-storing-data/m-p/614843#M106371</link>
      <description>&lt;P&gt;Here is an example of a syslog-ng configuration that stores the data on disk for Splunk to read. You will need to manage the data's retention with something like logrotate.&lt;BR /&gt;&lt;A href="https://www.splunk.com/en_us/blog/tips-and-tricks/using-syslog-ng-with-splunk.html" target="_blank"&gt;https://www.splunk.com/en_us/blog/tips-and-tricks/using-syslog-ng-with-splunk.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Here is an example that uses syslog-ng and HEC, where no data is stored on the syslog server.&lt;BR /&gt;&lt;A href="https://www.splunk.com/en_us/blog/tips-and-tricks/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html" target="_blank"&gt;https://www.splunk.com/en_us/blog/tips-and-tricks/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;You could also use Splunk Connect for Syslog (SC4S):&lt;/P&gt;&lt;P&gt;&lt;A href="https://splunkbase.splunk.com/app/4740/" target="_blank"&gt;https://splunkbase.splunk.com/app/4740/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://splunk.github.io/splunk-connect-for-syslog/main/" target="_blank"&gt;https://splunk.github.io/splunk-connect-for-syslog/main/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 28 Sep 2022 00:45:58 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-can-I-keep-Syslog-from-reading-and-storing-data/m-p/614843#M106371</guid>
      <dc:creator>chaker</dc:creator>
      <dc:date>2022-09-28T00:45:58Z</dc:date>
    </item>
  </channel>
</rss>

