https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357801#M65348 <P>1) configure the sources to have your server be their logging destination (each kind of device does that differently, but the result is the same).</P> <P>2) install a Splunk Universal forwarder on that box, to monitor the syslog file being generated from step 1.</P> Wed, 27 Dec 2017 23:53:01 GMT petercow 2017-12-27T23:53:01Z https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357800#M65347 <P>Hello</P> <P>I have a request to have a SYSLOG server and a SPLUNK server. The request is to have the logs from external sources written to the SYSLOG server then forwarded and read by the SPLUNK server.</P> <P>I searched and read an old post </P> <P><A href="https://answers.splunk.com/answers/28680/universal-forwarder-vs-dedicated-rsyslog-syslog-ng-servers-to-forward-syslog-to-splunk-indexer.html">https://answers.splunk.com/answers/28680/universal-forwarder-vs-dedicated-rsyslog-syslog-ng-servers-to-forward-syslog-to-splunk-indexer.html</A></P> <P>I am using MS Server 2012 R2 for both, SPLUNK Enterprise 7</P> <P>How would I:</P> <OL> <LI><P>Have logs from different sources (Cisco, Microsoft, Linux) written to a SYSLOG Server.</P></LI> <LI><P>Forward the log to a SPLUNK server</P></LI> </OL> <P>Thanks</P> Wed, 27 Dec 2017 21:08:13 GMT https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357800#M65347 BLRINGLER 2017-12-27T21:08:13Z https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357801#M65348 <P>1) configure the sources to have your server be their logging destination (each kind of device does that differently, but the result is the same).</P> <P>2) install a Splunk Universal forwarder on that box, to monitor the syslog file being generated from step 1.</P> Wed, 27 Dec 2017 23:53:01 GMT https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357801#M65348 petercow 2017-12-27T23:53:01Z https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357802#M65349 <P>Thanks </P> <P>1) The logging destination is the SYSLOG Server?</P> <P>2) Install the Splunk Universal Forwarder on the SYSLOG server to forward to the SPLUNK Server?</P> <P>So the logs go to one server and the actual Splunk reports on another server? Or everything should be on one server</P> <P>Thanks, </P> Thu, 28 Dec 2017 10:04:23 GMT https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357802#M65349 BLRINGLER 2017-12-28T10:04:23Z https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357803#M65350 <P>1) yes<BR /> 2) Yes - see below<BR /> 3) You can have the syslog server also be the splunk server (in which case you don't need the forwarder), but for reasons of scalability, etc., I would have them be 2 separate servers.</P> Thu, 28 Dec 2017 14:19:19 GMT https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357803#M65350 petercow 2017-12-28T14:19:19Z https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357804#M65351 <P>Thank you</P> <P>The scalability was the main factor</P> <P>Thanks Again</P> Thu, 28 Dec 2017 14:35:30 GMT https://community.splunk.com/t5/Getting-Data-In/Log-Collection-and-forward-to-SPLUNK/m-p/357804#M65351 BLRINGLER 2017-12-28T14:35:30Z