Outcold Solutions - Monitoring Kubernetes, OpenShift and Docker in Splunk
Monitoring Docker in Splunk Monitoring Kubernetes in Splunk Monitoring OpenShift in Splunk Monitoring Linux in Splunk Monitoring Windows Containers in Splunk Forwarding Logs to Elasticsearch and OpenSearch Forwarding Logs to QRadar
Documentation Blog Contact Us Pricing Evaluation licenses Partners License Agreement Privacy Policy FAQ
Syslog (QRadar)
Syslog (QRadar)

Forward Kubernetes and OpenShift logs over syslog.

Stream container logs, host logs, syslog, journald, and Kubernetes events from any cluster over RFC 5424 syslog — to QRadar, Microsoft Sentinel, or any syslog-compatible SIEM.

Install in 5 minutes Read concepts Troubleshooting

Installation

Forward logs to QRadar via syslog

Concepts

What Collectord does, the data model, and how configuration layers

Configuration

Kubernetes deployment YAML for syslog output

Annotations

Control output routing, log discovery, multiline, and field extraction per pod

Configuration

OpenShift deployment files for syslog output

Annotations reference

Full list of every annotation grouped by datatype

Troubleshooting

Verify configuration and diagnose deployment issues

License server

Distribute license keys across clusters from a central URL

Release history

Changelog of Collectord releases for the syslog forwarder

Upgrade

Step-by-step version upgrade instructions

Security

Image security, container privileges, and RBAC access model