syslog-ng syslog conf splunk
@version: 3.5.6
# Typically placed as /etc/syslog-ng/conf.d/splunk.conf
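# Global options applied to every source and destination in this configuration.
options {
    # Create missing directories for file destinations, owned by the splunk
    # account so the Splunk process can read what syslog-ng writes.
    create-dirs(yes);
    owner("splunk");
    group("splunk");
    dir-owner("splunk");
    dir-group("splunk");

    # Least privilege: syslog data routinely carries usernames, addresses and
    # occasionally credentials, so keep it unreadable to other local accounts.
    # Owner and group are both "splunk", so group read access is enough.
    dir-perm(0750);
    perm(0640);

    # Seconds to wait before re-opening a failed connection or destination.
    time-reopen(10);

    # Trust the hostname field supplied inside each received message.
    # NOTE(review): senders are unauthenticated, so this value is
    # attacker-controllable; consider check-hostname(yes) or keep-hostname(no)
    # if the hostname is used for routing or file naming.
    keep-hostname(yes);

    # Accept messages of up to 64 KiB.
    log-msg-size(65536);

    # Write RFC 3339 timestamps with millisecond precision.
    ts-format(rfc3339);
    frac-digits(3);
};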
# Network listener for inbound syslog: UDP and TCP port 514 on every interface.
# Both transports are plaintext and unauthenticated, so any host that can reach
# this port can submit messages; restrict reachability with a host firewall or
# bind to a dedicated collection interface instead of 0.0.0.0.
source s_default {
    udp(
        ip("0.0.0.0")
        port(514)
    );
    tcp(
        ip("0.0.0.0")
        port(514)
    );
};
# One log file per sending host per day, under the splunk user's home.
# $HOST is taken from the message itself because keep-hostname(yes) is set in
# the global options, so the directory name is chosen by the sender: a noisy or
# hostile source can create many directories or write into another host's file.
# Monitor directory count and disk usage for this tree.
destination d_default {
    file(
        "/home/splunk/syslog-ng/$HOST/$YEAR-$MONTH-$DAY.log"
    );
};
# Single log path: everything received by s_default is written to d_default.
# No filter is applied, so every message from every sender is stored.
log {
    source(s_default);
    destination(d_default);
};