Hi all,
I am working on a PCI environment and need to get audit logs from Linux RHEL machines into Splunk.
LAN Segment A: Splunk
LAN Segment B: Target VMs
LAN Segment C: "proxy" syslog collector, separated by two sets of firewalls from LAN Segment A and one set of firewalls from LAN Segment B
I need to send logs from the Target VMs to the proxy syslog VM (I will configure and test this). Then I have to set up Splunk to collect all these logs from the proxy syslog, but the traffic can only go in ONE direction, i.e., from Splunk to the proxy VM.
My understanding is that when syslog is configured on devices, it "sends" the data to Splunk (if the data input config is in place) rather than the other way round (Splunk listens on the syslog port).
Is this possible? Reading the "Get data in" doc, it sounds like it is the other way round, i.e., always from the target devices to Splunk.
Apologies for the dumb question.
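Editor's note on the one-way constraint above, with an added example that is not part of the original post and is not Splunk's own code. Both of Splunk's usual inputs for this scenario open the connection from the log source toward Splunk: a syslog network input makes Splunk listen for datagrams or TCP sessions that the devices initiate, and a Universal Forwarder installed on the collector initiates an outbound TCP session to the indexer. Neither matches "Splunk to the proxy VM only". What does match is a pull: the Splunk host copies the collector's log files over a session it opens itself, then reads only the lines added since the last pull. The script below does the second half offline and shows where the first half plugs in; it assumes (hypothetically) that the proxy writes per-host files under /var/log/remote/, that the Splunk host has SSH access to an account named splunk-puller on host proxy-syslog with rsync installed on both ends, and that Splunk runs the script on a schedule as a scripted input and indexes its stdout. The syslog lines in the demo are constructed, not taken from any real system.

```python
"""Pull-style collection: the Splunk host initiates, the proxy never connects back.

Added illustration, not from the original post or from Splunk. Hypothetical assumptions:
the proxy stores per-host files in /var/log/remote/, the Splunk host has SSH access as
splunk-puller@proxy-syslog (one-way, Splunk -> proxy), rsync exists on both ends, and
Splunk runs this as a scripted input whose stdout it indexes.
"""
import json
import os
import subprocess
import sys
import tempfile
from pathlib import Path

PROXY_SOURCE = "splunk-puller@proxy-syslog:/var/log/remote/"  # hypothetical rsync-over-SSH source
STATE_FILE = "pull_state.json"  # per-file cursors, kept next to the pulled copies


def pull_from_proxy(remote_spec, local_dir):
    """Copy files from the proxy. --inplace keeps each local file's inode stable, so an
    update does not look like a rotation to new_lines() below."""
    subprocess.run(["rsync", "-az", "--inplace", remote_spec, str(local_dir)], check=True)


def load_state(state_file):
    try:
        with open(state_file) as fh:
            return json.load(fh)
    except (FileNotFoundError, json.JSONDecodeError):
        return {}


def save_state(state_file, state):
    tmp = f"{state_file}.tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_file)  # atomic rename: a crash mid-write cannot corrupt the cursors


def new_lines(local_dir, state):
    """Yield (file name, line) for complete lines added since the previous run.
    A changed inode (rotation) or a size below the stored offset (truncation) restarts at 0;
    a trailing partial line is held back until its newline arrives."""
    for path in sorted(Path(local_dir).glob("*.log")):
        st = path.stat()
        key = str(path)
        cursor = state.get(key, {"inode": st.st_ino, "offset": 0})
        if cursor["inode"] != st.st_ino or st.st_size < cursor["offset"]:
            cursor = {"inode": st.st_ino, "offset": 0}
        with path.open("rb") as fh:
            fh.seek(cursor["offset"])
            data = fh.read()
        complete, sep, _partial = data.rpartition(b"\n")
        if sep:
            for raw in complete.split(b"\n"):
                yield path.name, raw.decode("utf-8", "replace")
            cursor["offset"] += len(complete) + 1
        state[key] = cursor


def run(local_dir, state_file, remote_spec=None):
    """One scripted-input invocation: pull (if a remote is given), emit new events, persist cursors."""
    state = load_state(state_file)
    if remote_spec:
        pull_from_proxy(remote_spec, local_dir)
    events = list(new_lines(local_dir, state))
    save_state(state_file, state)
    for _name, text in events:
        sys.stdout.write(text + "\n")  # Splunk indexes stdout; syslog header still carries the host
    return events


# Constructed sample lines for the offline walkthrough; not from any real host.
SAMPLE = [
    "Jan 10 12:00:01 rhel-app01 sshd[1432]: Accepted publickey for deploy from 10.1.2.3 port 51514 ssh2",
    "Jan 10 12:00:05 rhel-app01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart httpd",
]
LATER = "Jan 10 12:01:00 rhel-app01 sshd[1432]: pam_unix(sshd:session): session closed for user deploy"


def demo():
    """Three runs against a local copy (no rsync): full read, append-only read, then a truncation."""
    with tempfile.TemporaryDirectory() as tmp:
        local = Path(tmp) / "remote"
        local.mkdir()
        state = Path(tmp) / STATE_FILE
        log = local / "rhel-app01.log"
        log.write_text("\n".join(SAMPLE) + "\n")
        first = run(local, state)
        with log.open("a") as fh:
            fh.write(LATER + "\n" + "Jan 10 12:01:30 rhel-app01 kernel: partial")  # no newline yet: held back
        second = run(local, state)
        log.write_text(SAMPLE[0] + "\n")  # file shrank below the cursor: treated as rotation, re-read from 0
        third = run(local, state)
        return [t for _, t in first], [t for _, t in second], [t for _, t in third]


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. run.py /opt/splunk-pull/remote /opt/splunk-pull/pull_state.json
        run(Path(sys.argv[1]), sys.argv[2], PROXY_SOURCE)
    else:
        demo()
```

Scheduled from the Splunk side, the only session that ever crosses the firewall is the SSH session the Splunk host opens, which is the direction the post permits. The cursor file is what makes repeated pulls safe: without it every run would re-emit the whole file, and the inode and size checks are what keep rotation on the collector from silently dropping or duplicating events. The offline demo runs with no arguments; with a local directory and state file path it performs the real pull.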