This is not a Splunk-specific question; however, it is closely related and involves the config of syslog on a Linux host that will NOT send to my Splunk server.
I have a Linux server running syslogd version 1.4.1, and I have added a line to the syslog.conf file that has `*.* @192.168.1.1:64514`
(I use port 64514 due to a port conflict, but it works). Keep in mind I have this working on other hosts.
When I trigger an event I get nothing in Splunk. If I run a packet capture on the host, I do not even see the packets attempting to leave. However, if I remove the port number (64514), I do see traffic leaving on port 514.
Can anyone help with this problem?
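To separate "syslogd is not emitting anything" from "the network path to the collector is broken", it helps to send a hand-built syslog datagram to the same host and port and watch for it in a packet capture. The following is an added example, not code from the question or from Splunk; the collector address and port are the ones in the question, while the hostname, tag and message text are constructed for the check.

```python
import socket
import time

# Collector address from the question; hostname/tag/text below are constructed.
COLLECTOR_HOST = "192.168.1.1"
COLLECTOR_PORT = 64514

# Standard syslog facility and severity codes (RFC 3164 tables, subset).
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5,
              "local0": 16, "local1": 17, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_syslog_message(facility, severity, hostname, tag, text, when=None):
    """Return a BSD-style syslog datagram: <PRI>Mmm dd HH:MM:SS HOST TAG: TEXT.

    PRI is facility * 8 + severity. The day of month is space-padded to two
    characters as RFC 3164 requires. `when` is a time.struct_time and
    defaults to the current local time, which is what syslogd itself stamps.
    """
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    t = when if when is not None else time.localtime()
    timestamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{timestamp} {hostname} {tag}: {text}".encode("ascii")


def send_udp(payload, host, port):
    """Send one datagram to host:port over UDP; return the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(payload, (host, port))


def loopback_roundtrip(payload, timeout=2.0):
    """Bind a throwaway UDP listener on 127.0.0.1, send payload to it, return what arrived.

    Proves the builder and sender work before pointing them at the remote
    collector, so a silent failure can be narrowed to syslogd or the network.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        listener.settimeout(timeout)
        port = listener.getsockname()[1]
        send_udp(payload, "127.0.0.1", port)
        data, _addr = listener.recvfrom(65535)
        return data


if __name__ == "__main__":
    msg = build_syslog_message("local0", "info", "testhost", "syslogtest",
                               "manual test message to collector")
    print("loopback ok:", loopback_roundtrip(msg) == msg)
    sent = send_udp(msg, COLLECTOR_HOST, COLLECTOR_PORT)
    print(f"sent {sent} bytes to {COLLECTOR_HOST}:{COLLECTOR_PORT}; "
          "confirm with a packet capture here and a search on the collector")
```

Run it while `tcpdump -n -i any udp and port 64514` is capturing on the sending host. If the hand-built datagram shows up in the capture (and in Splunk) but syslogd's own output does not, the problem is in how syslogd interprets the `@host:port` line rather than in the network or the collector.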
See here, you have just mentioned the IP address of the other host in the syslog.conf file, to which all your logs listening on port 514 are to be forwarded. Tell me: have you installed and configured Splunk on the 192.168.1.1 server?
Let me know whether my comments above gave you an idea.