We have 3 servers in our Environment
1) Syslog server
2) Splunk Universal Forwarder
3) Splunk Indexer
To be done: Forward the data from Splunk Indexer to the Syslog Server
Procedure:
1) we have configured the Splunk forwarder on the system and forwarded the data from the forwarder to Indexer
2) we are able to see the syslog data from the forwarder in the indexer
3) Since the logs are generated in the indexer, we have to forward the logs to the syslog server
4) we have followed the splunk kb http://docs.splunk.com/Documentation/Splunk/6.4.1/Forwarding/Forwarddatatothird-partysystemsd for the same.
5) we are also able to capture the logs from the Indexer on the syslog server.
6) now when I generate a log from the logger command on the forwarder, it is capturing in the indexer, but it is not forwarded to the syslog server
Can anyone give me solution?
↧