syslog and auth.log will be forwarded using the Splunk Universal Forwarder

Splunk server - My laptop

Splunk Forwarder - Ubuntu EC2 instance

Downloading the Splunk Universal Forwarder from the official website

Copy the wget link and download splunkforwarder

Extract the .tgz file

tar xvzf splunkforwarder-9.4.0-6b4ebe426ca6-linux-amd64.tgz

Fire up the Splunk Forwarder

Setting a user name and password is required

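Forwarding syslog and auth.log comes down to two configuration files on the forwarder. The following is an added example, not from the original page: a shell function that writes inputs.conf and outputs.conf. The receiver address, port 9997, the group name primary_indexer, the sourcetypes and the etc/system/local path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): write the forwarder's
# inputs.conf and outputs.conf for syslog and auth.log.
# Assumptions: receiver listens on TCP 9997; the output group name
# "primary_indexer" and the sourcetypes are choices made here.

write_forwarder_conf() {
    local conf_dir="$1"   # e.g. ./splunkforwarder/etc/system/local
    local receiver="$2"   # host:port of the Splunk server (placeholder value)
    local port="${receiver##*:}"

    # Reject anything that is not host:port with a numeric port.
    case "$receiver" in
        ?*:?*) ;;
        *) echo "receiver must be host:port" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac

    mkdir -p "$conf_dir" || return 1
    (
        umask 077   # config readable only by the account running the forwarder
        cat > "$conf_dir/inputs.conf" <<'EOF'
[monitor:///var/log/syslog]
sourcetype = syslog
disabled = false

[monitor:///var/log/auth.log]
sourcetype = linux_secure
disabled = false
EOF
        cat > "$conf_dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexer

[tcpout:primary_indexer]
server = $receiver
EOF
    )
}

# Usage (commented out so the block has no side effects when sourced):
# write_forwarder_conf ./splunkforwarder/etc/system/local 203.0.113.10:9997
# ./splunkforwarder/bin/splunk restart
```

The account running the forwarder needs read access to /var/log/auth.log, and the Splunk server must have receiving enabled on the chosen port.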