I am interested in forwarding syslog and Windows events from a DMZ to Indexers which reside inside our network. We are planning to install universal forwarders both on the syslog and Windows servers, and configure them to forward the events to an intermediate forwarder which will be configured to communicate directly with our Indexer cluster. Our sole intent in doing this is to have only one machine in the DMZ communicating with the indexers. Does the intermediate forwarder need to be a heavy forwarder, or could a universal forwarder be used?
↧
Does an intermediate forwarder need to be a heavy forwarder, or can a universal forwarder be used?
↧