Typically you would set up a syslog listening server using a dedicated syslog application (previously stated by another person as syslog-ng or rsyslog). This will listen on the network port you define, and it must have the open port on the server the syslog server is running from. You then configure the syslog server to listen and filter data to be placed in particular folders. You then configure the universal forwarder on the same app server to forward the filtered data to your Splunk indexers. Typically a device sending a network request does not require a port to be opened - you only need the port open on the listening servers.
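The setup described in the post above, as an added example that is not part of the original post: a shell function that stages an rsyslog drop-in and the universal forwarder's inputs.conf and outputs.conf into a directory for review. The function name, UDP port 514, the /var/log/remote path, the index name "network" and the indexer address idx1.example.com:9997 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: stages the config files for review; nothing is installed.
# Assumed values (not from the post): 514/udp, /var/log/remote,
# index "network", indexer idx1.example.com:9997.
stage_syslog_configs() {
    out="$1"
    mkdir -p "$out" || return 1

    # rsyslog drop-in: listen on the network port and write each sender's
    # messages under its own folder. %fromhost-ip% is the sender address
    # rsyslog saw, not the hostname claimed inside the message.
    cat > "$out/30-remote.conf" <<'EOF'
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

template(name="PerHostFile" type="string"
         string="/var/log/remote/%fromhost-ip%/syslog.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile")
}
EOF

    # Universal forwarder inputs.conf: monitor the folders rsyslog writes and
    # set the host field from path segment 4 (/var/log/remote/<sender>/).
    cat > "$out/inputs.conf" <<'EOF'
[monitor:///var/log/remote/*/syslog.log]
sourcetype = syslog
index = network
host_segment = 4
EOF

    # Universal forwarder outputs.conf: forward to the Splunk indexers.
    cat > "$out/outputs.conf" <<'EOF'
[tcpout]
defaultGroup = indexers

[tcpout:indexers]
server = idx1.example.com:9997
EOF
}
```

Call it as `stage_syslog_configs ./staged`, then review the three files before copying them into the rsyslog and forwarder configuration directories on the syslog server.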