How would we ensure data persistence/queuing when using Ryan Faircloth's (or a similar script) method to batch the syslog messages using a script rather than the default one message per POST of syslog-ng's http() output?
Scenario is if there's a 1h network outage between syslog-ng and the HEC HWFs.
https://www.rfaircloth.com/2017/02/10/building-perfect-syslog-collection-infrastructure/