I want to use the Splunk forwarder to send Apache logs to syslog.
I made this config:
/opt/splunkforwarder/etc/system/local
inputs.conf
[default]
host = my_hostname
outputs.conf
[syslog]
defaultGroup=syslogGroup
[syslog:my_syslog_group]
server = IP:514
props.conf
[host::cpanel*]
TRANSFORMS-cpanel = send_to_syslog
[source::/usr/local/apache/domlogs/logfile]
transforms.conf
[send_to_syslog]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = my_syslog_group
I restarted Splunk:
/opt/splunkforwarder/bin/splunk restart
and nothing happened (it doesn't send any information),
and in the logs, I can't see the source files.

Using universal forwarders, you can't send data to a syslog server (reference doc); you require a Splunk Enterprise instance.
You can configure a heavy forwarder to send data in standard syslog format. The forwarder sends the data through a separate output processor. The syslog output processor is not available for universal or light forwarders.
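Added example, not part of the original thread or of Splunk's own tooling: a small Python check that cross-references the syslog routing names across the four files posted in the question (function and constant names are hypothetical, and it only sees the files shown, not settings from other apps). A clean result only means the names line up; as the answer says, the syslog output processor still needs a heavy forwarder.

```python
import configparser

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (TRANSFORMS-cpanel, DEST_KEY)
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def lint_syslog_routing(inputs, outputs, props, transforms):
    """Return findings for syslog routing names that do not line up across files."""
    findings = []
    # Target groups are declared as [syslog:<group>] stanzas in outputs.conf.
    groups = {s.split(":", 1)[1] for s in outputs if s.startswith("syslog:")}
    default = outputs.get("syslog", {}).get("defaultGroup", "")
    for name in filter(None, (g.strip() for g in default.split(","))):
        if name not in groups:
            findings.append(f"outputs.conf: defaultGroup '{name}' has no [syslog:{name}] stanza")
    # A transform that sets _SYSLOG_ROUTING must name a declared group in FORMAT.
    for stanza, kv in transforms.items():
        if kv.get("DEST_KEY") == "_SYSLOG_ROUTING" and kv.get("FORMAT") not in groups:
            findings.append(f"transforms.conf: [{stanza}] routes to undefined group '{kv.get('FORMAT')}'")
    # Every props stanza should attach a transform that exists in transforms.conf.
    for stanza, kv in props.items():
        refs = [t.strip() for k, v in kv.items() if k.startswith("TRANSFORMS-") for t in v.split(",")]
        if not refs:
            findings.append(f"props.conf: [{stanza}] has no TRANSFORMS- setting")
        findings += [f"props.conf: [{stanza}] names unknown transform '{t}'"
                     for t in refs if t not in transforms]
    if not any(s.startswith("monitor://") for s in inputs):
        findings.append("inputs.conf: no [monitor://...] stanza in this file, so it reads no log file")
    return findings

# The four files as posted in the question above (IP is the poster's placeholder).
INPUTS = "[default]\nhost = my_hostname\n"
OUTPUTS = "[syslog]\ndefaultGroup=syslogGroup\n[syslog:my_syslog_group]\nserver = IP:514\n"
PROPS = ("[host::cpanel*]\nTRANSFORMS-cpanel = send_to_syslog\n"
         "[source::/usr/local/apache/domlogs/logfile]\n")
TRANSFORMS = "[send_to_syslog]\nREGEX = .\nDEST_KEY = _SYSLOG_ROUTING\nFORMAT = my_syslog_group\n"

def check_posted_config():
    return lint_syslog_routing(parse_conf(INPUTS), parse_conf(OUTPUTS),
                               parse_conf(PROPS), parse_conf(TRANSFORMS))

if __name__ == "__main__":
    for finding in check_posted_config():
        print(finding)
```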
