https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327480#M93658 <P>Is there any ways for me to forward log into Kiwi Syslog Server by using Splunk universal forwarder?</P> Tue, 05 Dec 2017 07:01:51 GMT ailing1909 2017-12-05T07:01:51Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327480#M93658 <P>Is there any ways for me to forward log into Kiwi Syslog Server by using Splunk universal forwarder?</P> Tue, 05 Dec 2017 07:01:51 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327480#M93658 ailing1909 2017-12-05T07:01:51Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327481#M93659 <P>First of all, why on earth would you want to do that? Send it to Splunk instead.</P> Tue, 05 Dec 2017 14:14:13 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327481#M93659 lycollicott 2017-12-05T14:14:13Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327482#M93660 <P>Hi @ailing1909,</P> <P>From Universal Forwarder you can route data to TCP server without filtering raw data but not UDP. If your syslog can accept data on TCP port and you do not want to filter raw data then you can configure UF outputs.conf to send data to Syslog server, please refer <A href="https://docs.splunk.com/Documentation/Splunk/6.6.3/Forwarding/Forwarddatatothird-partysystemsd#TCP_data">https://docs.splunk.com/Documentation/Splunk/6.6.3/Forwarding/Forwarddatatothird-partysystemsd#TCP_data</A></P> <P>If you want to send data from UF to Syslog server over UDP then you need to use Heavy Forwarder, you can't achieve it via UF.</P> <P>I hope this helps.</P> <P>Thanks,<BR /> Harshil</P> Tue, 05 Dec 2017 14:33:49 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327482#M93660 harsmarvania57 2017-12-05T14:33:49Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327483#M93661 <P>thanks for the help <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 06 Dec 2017 00:50:12 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327483#M93661 ailing1909 2017-12-06T00:50:12Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327484#M93662 <P>hi! is there other way that i can do so? as i configure UF output.conf file, however i still didn't manage to send through</P> Thu, 07 Dec 2017 02:04:11 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327484#M93662 ailing1909 2017-12-07T02:04:11Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327485#M93663 <P>Can you please let us know how you configured on UF and in which configuration files?</P> Thu, 07 Dec 2017 03:34:12 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327485#M93663 harsmarvania57 2017-12-07T03:34:12Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327486#M93664 <P>i config in UF output.conf under UF\etc\system\local\output.conf this what i did</P> <P>[tcpout]<BR /> server = 192.168.1.113:9997<BR /> sendCookedData = false<BR /> defaultGroup = default-autolb-group</P> <P>[tcpout:default-autolb-group]<BR /> server = 192.168.1.113:9997</P> <P>[tcpout-server://192.168.1.113:9997]</P> Thu, 07 Dec 2017 03:45:23 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327486#M93664 ailing1909 2017-12-07T03:45:23Z https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327487#M93665 <P>Config which you have provided it looks like UF to Indexer configuration. </P> <P>If you want to send all data from UF to Syslog server over <STRONG>TCP</STRONG> only then please use below configuration in outputs.conf</P> <PRE><CODE>[tcpout] defaultGroup = syslog_group [tcpout:fastlane] server = &lt;SYSLOG IP&gt;:&lt;SYSLOG TCP PORT&gt; sendCookedData = false </CODE></PRE> <P>If you want to send data to Indexer and Syslog server over <STRONG>TCP</STRONG> then you can use below configuration</P> <PRE><CODE>[tcpout] defaultGroup = indexer_group, syslog_group [tcpout:indexer_group] server = &lt;IDX IP&gt;:&lt;IDX PORT&gt; [tcpout:syslog_group] server = &lt;SYSLOG IP&gt;:&lt;SYSLOG TCP PORT&gt; sendCookedData = false </CODE></PRE> Thu, 07 Dec 2017 04:20:27 GMT https://community.splunk.com/t5/Getting-Data-In/Using-Splunk-universal-forwarder-to-forward-log-into-Kiwi-Syslog/m-p/327487#M93665 harsmarvania57 2017-12-07T04:20:27Z