Getting Data In

CentOS 6 server Syslog forwording to Splunk server

heykumaran
New Member

Hello,

How can i forward syslog from one of our servers (CentOS 6.3) to Splunk Server (Windows 2012). Please help me

Thanks

Tags (2)
0 Karma

jtrucks
Splunk Employee
Splunk Employee

You can have Splunk listen for this data like this:

Manager -> Data inputs -> TCP -> Add new

Choose a TCP port, allow all hosts or restrict to a single host.
Set sourcetype to syslog on the bottom drop list.

If you want to point it at the non-default index, choose More settings and pick an index.

Click save and make sure your network and host firewalls allow the traffic.

--
Jesse Trucks
Minister of Magic

yannK
Splunk Employee
Splunk Employee

The port number is the on you defined yourself in the inputs.conf of your indexer. (or using the manager).

see http://docs.splunk.com/Documentation/Splunk/5.0.4/admin/Inputsconf

usually syslog servers use 514 UDP, but you can specify any.

0 Karma

nilesh8
New Member

Hi,

Could you tell TCP port number for the same.

0 Karma

jtrucks
Splunk Employee
Splunk Employee

Please mark Answered if this does solve your issue, too. thanks 🙂

--
Jesse Trucks
Minister of Magic
0 Karma

jtrucks
Splunk Employee
Splunk Employee

Yes, you must tell the CentOS machine to send logs off host. Assuming it is rsyslog, read these docs:

http://www.rsyslog.com/doc/rsyslog_reliable_forwarding.html

You could, also, set the Splunk Data input as UDP not TCP and use this method:

http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

--
Jesse Trucks
Minister of Magic
0 Karma

heykumaran
New Member

Thanks..do i have to do any configuration in CentOS Server side to point to Splunk server

0 Karma
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...