I have a Cisco ASA that is pushing out syslog files to the server that SPLUNK resides on. I verified they are reaching the server with TCPDump. The data is not getting into SPLUNK. Does the server need to be set up as a syslog server, or does SPLUNK perform that function? What should be my troubleshooting steps?
Splunk CAN ingest syslog inputs directly. You would create a data input listening on UDP (and possibly TCP) on port 514 for syslog. But just because you can doesn't mean you should.
A better way to do this would be to set up a syslog server (rsyslog or syslog-ng for *nix, or on Windows I think the Kiwi syslog daemon may still be free for this purpose?) and use that to gather the syslog inputs into files, then configure Splunk to read those files.
Why? How? Someone else has written up some great info on this, so check here. Give that a shot and let us know how it went!
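A concrete version of the setup the answer recommends, as an added example that is not part of the original answer or of any Splunk/rsyslog documentation: a POSIX shell script that writes an rsyslog drop-in (listen on UDP and TCP 514, write one file per sending host and day under /var/log/cisco/asa) and a Splunk inputs.conf monitor stanza that tails those files, plus a small check for the first troubleshooting step in the question (is anything actually bound to port 514?). The ASA address 192.0.2.10, the Splunk path /opt/splunk, the index name "network" and the sourcetype cisco:asa are assumptions; substitute your own. Run it as `sh asa-syslog.sh --write /` on the syslog host, or point it at a scratch directory to review the files first.

```shell
#!/bin/sh
# Added example, not code from the original answer. Writes the rsyslog and
# Splunk configuration for the "syslog daemon writes files, Splunk reads files"
# pattern. ROOT lets the functions target a scratch directory instead of /.
# Assumed values: ASA source IP 192.0.2.10 (RFC 5737 documentation range),
# Splunk under /opt/splunk, index "network", sourcetype "cisco:asa".

write_rsyslog_conf() {
    root="${1%/}"                       # "/" becomes "", so paths stay clean
    mkdir -p "$root/etc/rsyslog.d"
    cat > "$root/etc/rsyslog.d/10-cisco-asa.conf" <<'EOF'
# rsyslog, not Splunk, owns port 514 on this host: only one process can bind it.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host and per day. ASA messages usually carry no hostname
# in the header; rsyslog then falls back to the sender's address for HOSTNAME.
template(name="CiscoASA" type="string"
         string="/var/log/cisco/asa/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")

# Route only the ASA (assumed address) here and stop; other senders fall
# through to the default rules. Keep this filter tight so stray devices
# cannot write into the ASA tree.
if $fromhost-ip == "192.0.2.10" then {
    action(type="omfile" dynaFile="CiscoASA")
    stop
}
EOF
}

write_splunk_inputs() {
    root="${1%/}"
    mkdir -p "$root/opt/splunk/etc/system/local"
    cat > "$root/opt/splunk/etc/system/local/inputs.conf" <<'EOF'
# Splunk tails the files rsyslog writes instead of opening a UDP/TCP 514 input.
[monitor:///var/log/cisco/asa]
sourcetype = cisco:asa
index = network
# Path is /var/log/cisco/asa/<host>/<date>.log: segment 5 is the sending host.
host_segment = 5
disabled = 0
EOF
}

# Troubleshooting check: returns 0 when a UDP socket is bound to port 514.
# If this fails after tcpdump shows packets arriving, nothing is receiving them.
port_514_listener() {
    if command -v ss >/dev/null 2>&1; then
        ss -uln 2>/dev/null | grep -q ':514 '
    else
        netstat -uln 2>/dev/null | grep -q ':514 '
    fi
}

if [ "${1:-}" = "--write" ]; then
    write_rsyslog_conf "${2:-/}"
    write_splunk_inputs "${2:-/}"
    echo "configs written; restart rsyslog, then verify with:"
    echo "  ss -ulnp | grep 514          # rsyslog should own the port"
    echo "  ls /var/log/cisco/asa/       # a directory per sending host"
    echo "  /opt/splunk/bin/splunk list monitor"
fi
```

After restarting rsyslog, the remaining checks follow the data path in order: the host firewall must allow 514/udp in, a per-host directory should appear under /var/log/cisco/asa as soon as the ASA sends, the Splunk user must be able to read those files, and `splunk list monitor` should show the stanza. If rsyslog refuses to start, the usual cause is another process (often Splunk's own udp:514 input) already holding the port.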