We enabled the syslog to be sent to our Heavy forwarder, however, after the configuration we are not seeing the folder is created in /opt/syslog or /opt/syslog-tcp , normally whatever the syslog we receive it automatically creates a folder with the respective server IP in the aforementioned folders.
Is there anything to do from the splunk side, because this is not the first time Splunk receives syslog we do receive from many security devices, but from a standlone server this is the first time we are receiving such logs.
↧