This is my current Splunk setup:
[User Device] --TCP Syslog--> [HeavyForwarder] --TCP Stream--> [Indexer] --TCP Stream--> [Netcat]
Syslog data is being forwarded to a heavy forwarder via TCP syslog, and then the HF forwards the data via TCP stream to an indexer. I'm having the indexer forward to a third-party server that is listening using netcat. The problem is that on netcat I can see the syslog message, but I need (hostname + syslog message). Can someone help with this?