I tried to do this

Send syslog data from a network device (on port: 514) to a Universal Forwarder listening on port: 514 irrespective of (ANY) host's IP -> indexer listening on port 20980 -> to another Universal Forwarder listening 20981 -> to a Syslog-NG server listening for all audit data from splunk and syslog data.

the mode of travel goes like this

__Multiple syslog data_ > UF > Indexer > UF > Syslog-NG_

the data traverses over this many system as they are in different network zones with the final Syslog-NG server there being a Vendors' component. I have ensure that the Last Syslog server is receiving all my splunkd and other splunk's logs from all the components, but i cannot get the Multiple syslog data (on port:514) to send over to the final Syslog-NG server.

What do i have to do to troubleshoot it?

I've created a similar setup which vary slightly from the top to narrow down the problem.

Multiple syslog data (on port:514) -> Syslog Indexer -> UF -> Syslog-NG_

Do note that the last Syslog-NG server is the same as the one as the top. This setup apparently is sending out all the splunkd and other splunk logs out properly, on top of that the syslog data is going over correctly.

Can anyone please show me the way forward? I thank you in advance for your kind assistance.