I love Splunk for log aggregation and searching through it. It’s a great tool that comes is various versions http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W  including a limited free cloud based version https://www.splunkstorm.com.

I use the because of it ease, compression and security when sending my logs over.

There is a nice guide on how to install and use the Splunkstorm forwarder.  http://docs.splunk.com/Documentation/Storm/latest/User/Setupauniversalforwarderonnix

However, to make it autostart by itself rather than having to write something myself to get it running at a reboot you have to:

/opt/splunkforwarder/bin/splunk enable boot-start

That will create a start script in /etc/init.d.

Happy Splunking

%d bloggers like this: