SC4S (Splunk Connect for Syslog) receives UDP/TCP syslog from devices, applications, and network gear. A containerized syslog-ng instance routes each message through filters and parsers for classification, normalization, and metadata enrichment. Processed events are then forwarded over the HTTP Event Collector (HEC) to Splunk indexers.
How SC4S Works
| Step | Description | Key Components |
| --- | --- | --- |
| Syslog Sources | Various syslog-emitting devices and apps send UDP/TCP logs to SC4S ports. | Devices, applications, network gear |
| Containerized syslog-ng | syslog-ng receives and routes logs within a Docker container for easy deployment. | Docker container, syslog-ng OSE engine |
| Parsing & Enrichment | Filters classify logs; parsers normalize and enrich with metadata (e.g., host, sourcetype). | Filters, predefined parsers, metadata enrichment |
| HEC to Splunk | Processed events forwarded via HTTP Event Collector for indexing in Splunk. | HTTP Event Collector (HEC), Splunk indexers |
Source: SC4S Architecture
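The "Parsing & Enrichment" and "HEC to Splunk" steps above, reduced to a small Python illustration added here (this is not SC4S or syslog-ng code): RFC 3164 lines are split into PRI, timestamp, host and program, tagged with a sourcetype, and wrapped in the HEC event envelope. The sample lines and the program-to-sourcetype table are constructed for the example; SC4S ships its own filter definitions, which are not reproduced here.

```python
import re
from datetime import datetime, timezone

# Constructed RFC 3164 sample lines for this example (not captured device output).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 203.0.113.5 port 2222 ssh2",
    "<165>Oct 11 22:14:16 sw02 link: port 3 went down",
    "garbage with no syslog header",
]

# Hypothetical program-to-sourcetype mapping; SC4S has its own filter tables, this is not them.
SOURCETYPE_BY_PROGRAM = {"sshd": "example:linux:sshd", "link": "example:network:switch"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def parse_syslog(line, year=2024):
    """Split an RFC 3164 line into PRI (facility/severity), timestamp, host, program, message.
    RFC 3164 timestamps carry no year, so the caller supplies one; UTC is assumed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"facility": pri // 8, "severity": pri % 8, "time": ts.timestamp(),
            "host": m["host"], "program": m["prog"], "pid": m["pid"], "message": m["msg"]}

def to_hec_event(parsed):
    """Wrap a parsed record in the Splunk HEC /services/collector/event envelope."""
    return {"time": parsed["time"], "host": parsed["host"],
            "source": f"syslog:{parsed['program']}",
            "sourcetype": SOURCETYPE_BY_PROGRAM.get(parsed["program"], "syslog"),
            "event": parsed["message"],
            "fields": {"facility": parsed["facility"], "severity": parsed["severity"]}}

def process(lines, now_epoch=0.0):
    """Normalise each line; anything the parser rejects is still forwarded raw under a
    catch-all sourcetype so that no event is silently dropped."""
    events = []
    for line in lines:
        parsed = parse_syslog(line)
        if parsed:
            events.append(to_hec_event(parsed))
        else:
            events.append({"time": now_epoch, "host": "unknown", "source": "syslog:unparsed",
                           "sourcetype": "syslog", "event": line})
    return events

if __name__ == "__main__":
    import json
    print(json.dumps(process(SAMPLE_LINES), indent=2))
```

Each dictionary returned by `process` is the JSON body one would POST to a HEC endpoint; the unparsed third line shows why a catch-all path matters for visibility.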