Splunk receive syslog data?

Can anyone point me to a good tutorial for using Splunk as a syslog server? I want to send all my firewall syslog data to a Windows box that has Splunk installed. I'm just learning all this stuff for the first time. I want to see what Splunk can do at the free level before we buy any licenses.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Soulja53 6F 75 6C 6A 61 Commented:
Check out this link:


I used Splunk  awhile ago, and I recall it being pretty straight forward in regards to syslog. I also recall that the only benefit of the paid version is a larger database size for storing the data.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MrVaultAuthor Commented:
Thanks. Totally missed the spot in Splunk where it says "use splunk over port 514 to receive syslog data" :)

Soulja53 6F 75 6C 6A 61 Commented:
No problem!
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Sanga CollinsSystems AdminCommented:
some devices send syslog on UDP 514 instead of TCP 514 so keep an eye out for that as well
MrVaultAuthor Commented:
Thanks sangamc. double checked and we're good.
MrVaultAuthor Commented:
Also, do either of you know how to store/export plain text copies of the syslog data being sent? Right now it's putting it into the index database which is great but if we needed a plain text copy too is that possible? Thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.