One of our servers is forwarding fine; however, the files aren't being written to var/log/syslog/remote. I am new to Splunk, so any assistance would be appreciated.
That file is written by syslog-ng, not Splunk. You can find more information on how to change and administer syslog-ng, e.g. https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.22/administration-...
r. Ismo
Currently still experiencing the issue. Tried the following:
- Checked to see if SELinux running in permissive mode would resolve the issue; nothing.
- Not a disk space issue.
- System for local collection is running under the root account.
- Have identical settings on another server in a different location, and logs are being written.
Any advice or suggestions would be appreciated.