Universal Forwarder to 3rd Party Systems as Syslog

FRoth · ‎12-21-2012

I've read that the Universal Forwarded is not able to forward messages to a Syslog server.
Although this TABLE says that it is possible to forward to 3rd party systems.

Could anyone clear this issue for me?

I would like to forward log entries from a Windows Eventlog Collector to a Syslog Server using splunk forwarders.

jonuwz · ‎12-21-2012

See here

I have no idea if the uncooked data is in a syslog friendly format though.

Update

The uncooked data is syslog friendly.

sample outputs.conf :

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = splunkindex:514
sendCookedData=false

[tcpout-server://splunkindex:514]

It does send the universal forwarder logs too though, which could be messy ( and most of the events are multiline which syslog sees as multiple events )

All things considered, it might be easier to use snare

Universal Forwarder to 3rd Party Systems as Syslog

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Universal Forwarder to 3rd Party Systems as Syslog

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future