SANsymphony Syslog Message Forwarding to Elastic Search and Splunk


Executive Summary

This document describes a new feature in DataCore SANsymphony that enables the forwarding of syslog messages to third-party log platforms such as Elastic Search and Splunk. For Elastic Stack environments (Elastic Search, Kibana, and Logstash), DataCore provides a predefined Logstash configuration file that allows administrators to automatically parse, filter, and forward SANsymphony logs to a deployed Logstash server, which then relays the logs to Elastic Search. The configuration ensures that logs are forwarded in a structured and standardized format, making them easier to query, visualize, and analyze.

This Logstash pipeline can also be customized to forward logs to Splunk, offering a unified and flexible solution. This approach empowers organizations to integrate SANsymphony logs into their preferred analytics platforms, enhancing observability, troubleshooting, and operational insights.

For more information on DataCore SANsymphony, refer to the DataCore SANsymphony Help documentation.

Introduction

Many organizations prefer centralized log platforms like Elastic Stack or Splunk to monitor system activity across environments. To support this, SANsymphony can forward syslog messages using a predefined Logstash configuration file from DataCore. This file can be used as-is or integrated into an existing Logstash pipeline to parse, filter, and forward log data based on your requirements.

In Elastic Stack environments, Logstash handles log processing, Elastic Search manages indexing, and Kibana enables visualization and analysis.

Splunk provides an integrated platform that performs ingestion, parsing, indexing, and visualization through a unified web interface.

Feature Overview

This document provides step-by-step guidance on using the predefined Logstash configuration file from DataCore to forward SANsymphony syslog messages to third-party log platforms such as Elastic Stack (Elastic Search and Kibana) and Splunk. It covers the required deployment steps, configuration tasks, verification methods, and troubleshooting procedures to help you integrate SANsymphony logs into your existing monitoring environment for improved observability and operational insight.

Key Benefits

  • Enhanced Operational Visibility: Gain deeper insights using familiar third-party tools like Elastic Stack, Kibana, and Splunk.
  • Streamlined Parsing and Filtering: Leverage DataCore’s ready-to-use Logstash configuration file for simplified log processing.
  • Powerful Log Analysis: View, filter, and analyze logs using third-party dashboards and queries.
  • Faster Issue Detection and Resolution: Enable real-time search, filtering, and alerting on syslog events to quickly detect and resolve issues.
