We offer a third-party solution (Alliance LogAgent) that sends IBM i security events in syslog format to Splunk in real time. It works great for in-house deployments, but we have prospective customers who would like to use Splunk in the AWS cloud. I checked and I don't see a Universal Forwarder for the IBM i server platform. So a couple of questions come to mind:
1) Is it possible to send data to a Splunk AWS instance using standard syslog communications?
2) If we deployed a Windows or Linux instance of the Universal Forwarder, could we send security events from the IBM i server to the in-house instance of the Universal Forwarder, and then have it go to Splunk in AWS?
3) Is there an open source version of the Universal Forwarder?
Thanks,
Patrick