Getting Data In
Highlighted

Can I configure a universal forwarder to send syslog messages to a syslog server?

New Member

Could some one help me out here..

Can I configure a Universal forwarder to send the syslog messages to a (non splunk) syslog server?

Right now I have Universal forwarder which is sending data to a Splunk Indexer. Can I configure the same forwarder to send the data to another system (no splunk) as syslog messages?

0 Karma
Highlighted

Re: Can I configure a universal forwarder to send syslog messages to a syslog server?

New Member

Could some one help me on this..

Thanks.

0 Karma
Highlighted

Re: Can I configure a universal forwarder to send syslog messages to a syslog server?

Splunk Employee
Splunk Employee

According to the Docs, you need to use a Heavy Forwader to use Syslog Routing:

Syslog data
You can configure a heavy forwarder to send data in standard syslog format. The forwarder sends the data through a separate output processor. You can also filter the data with props.conf and transforms.conf. You'll need to specify SYSLOGROUTING as the DEST_KEY.

Doc link:
http://docs.splunk.com/Documentation/Splunk/6.3.1/Forwarding/Forwarddatatothird-partysystemsd#Syslog...