Hey everyone,
I currently have several devices forwarding syslog data to a syslog server. All of the devices' data gets written to a directory called /syslog on the syslog server (there is a separate directory for each device inside of the /syslog directory). The syslog server uses the Universal Forwarder to forward the data in the /syslog directory to my indexers. In addition, I would like to forward all of the data being forwarded/written to the /syslog directory on the syslog server to a third party collection server. What would be the best way to forward only the data being forwarded to the /syslog directory?
Thanks in advance for any help!