But is this just a consequence of the parsing/tagging that is provided with the current Firesight app? Or is there an actual difference in the data that is sent via syslog as opposed to pulled by estreamer?
Not seeing any answers anywhere on where to install the estreamer_client in a distributed environment. Anyone have this answer yet on how to do this?
I would think if you installed it on ALL indexers they would all do the polling and have redundant data.
Is it confirmed that installing on a heavy forwarder (that doesn't index) will not work?