Hello all,
I'm looking for guidance about a logging problem I am trying to solve. Right now we have a few Security Onion boxes sending Snort logs to both our log server and to Splunk using syslog-ng. This works fine.
The powers that be now want to remove the direct send to Splunk and just pipe the logs from the syslog box into Splunk. What I would like to do is just forward these specific log files, which are under /var/log/remote/IP1 and /var/log/remote/IP2, to the Splunk box. Is there an easy way to accomplish this, or do I need to get cute with eventtypes, etc.? Hopefully that makes sense.
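One common way to do what the post describes, shown here as an added example that is not part of the original thread or any reply to it: run a Splunk universal forwarder on the syslog-ng box and point `inputs.conf` monitor stanzas at the per-host directories, so only those files leave the box. The two directory paths come from the post; the index name, sourcetype, and the assumption that each remote sensor writes into its own `/var/log/remote/<IP>/` subdirectory are placeholders for this example.

```ini
# inputs.conf on the syslog-ng host (example, not from the original post)
# Splunk's monitor input watches directories recursively by default, so
# one stanza per sensor directory picks up every file syslog-ng writes there.

[monitor:///var/log/remote/IP1]
# Assumed names: replace with whatever your Snort add-on and index scheme use.
index = ids
sourcetype = snort
# Path is /var/log/remote/IP1/...: segment 1 = var, 2 = log, 3 = remote,
# 4 = IP1. Taking the host from segment 4 keeps the sensor IP as the host
# field instead of the syslog box's own hostname.
host_segment = 4
disabled = 0

[monitor:///var/log/remote/IP2]
index = ids
sourcetype = snort
host_segment = 4
disabled = 0
```

With only these two stanzas defined, nothing else under `/var/log/remote` is read, so no eventtype or search-time filtering is needed to exclude other hosts; the selection happens at the input. If syslog-ng writes other, non-Snort files into the same directories, a `whitelist` or `blacklist` regex on the stanza (matching the file name) narrows the input further without touching the syslog-ng configuration.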