Getting Data In

CentOS 6 server Syslog forwording to Splunk server

heykumaran
New Member

Hello,

How can i forward syslog from one of our servers (CentOS 6.3) to Splunk Server (Windows 2012). Please help me

Thanks

Tags (2)
0 Karma

jtrucks
Splunk Employee
Splunk Employee

You can have Splunk listen for this data like this:

Manager -> Data inputs -> TCP -> Add new

Choose a TCP port, allow all hosts or restrict to a single host.
Set sourcetype to syslog on the bottom drop list.

If you want to point it at the non-default index, choose More settings and pick an index.

Click save and make sure your network and host firewalls allow the traffic.

--
Jesse Trucks
Minister of Magic

yannK
Splunk Employee
Splunk Employee

The port number is the on you defined yourself in the inputs.conf of your indexer. (or using the manager).

see http://docs.splunk.com/Documentation/Splunk/5.0.4/admin/Inputsconf

usually syslog servers use 514 UDP, but you can specify any.

0 Karma

nilesh8
New Member

Hi,

Could you tell TCP port number for the same.

0 Karma

jtrucks
Splunk Employee
Splunk Employee

Please mark Answered if this does solve your issue, too. thanks 🙂

--
Jesse Trucks
Minister of Magic
0 Karma

jtrucks
Splunk Employee
Splunk Employee

Yes, you must tell the CentOS machine to send logs off host. Assuming it is rsyslog, read these docs:

http://www.rsyslog.com/doc/rsyslog_reliable_forwarding.html

You could, also, set the Splunk Data input as UDP not TCP and use this method:

http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

--
Jesse Trucks
Minister of Magic
0 Karma

heykumaran
New Member

Thanks..do i have to do any configuration in CentOS Server side to point to Splunk server

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...