Getting Data In

Universal Forwarder to 3rd Party Systems as Syslog

FRoth
Contributor

I've read that the Universal Forwarded is not able to forward messages to a Syslog server.
Although this TABLE says that it is possible to forward to 3rd party systems.

Could anyone clear this issue for me?

I would like to forward log entries from a Windows Eventlog Collector to a Syslog Server using splunk forwarders.

jonuwz
Influencer

See here

I have no idea if the uncooked data is in a syslog friendly format though.

Update

The uncooked data is syslog friendly.

sample outputs.conf :

[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = splunkindex:514
sendCookedData=false

[tcpout-server://splunkindex:514]

It does send the universal forwarder logs too though, which could be messy ( and most of the events are multiline which syslog sees as multiple events )

All things considered, it might be easier to use snare

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...