I need to get the data from a couple dozen syslog-ng relays into my Splunk instance. Since it is a relay and the data is not stored anywhere, I am not sure how the data can be sent to the instance. Normally with a syslog-ng server, the data is stored in a directory and can be parsed and sent on using a UF. Anyone ever run into this issue and have a solution?
Below is a document I found on how to use Syslog-ng servers but nothing on just using relays. Any info helps. Thanks!
https://www.balabit.com/documents/pdf/syslog-ng-pe-whitepaper-splunk.pdf
↧