Forwarding Syslog from Virtual Log Collector to non NetWitness destination
We have a Virtual Log Collector out in our DMZ collecting logs and receiving syslog from our firewalls.
Our new Internet proxy recommends sending syslog to a system like Graphite/Grafana for advanced usage stats. It only allows sending to a single destination.
I'd like to be able to send this syslog to both NetWitness and Grafana.
Can the Virtual Log Collector be configured to send syslog from the new proxy to a separate non NetWitness syslog destination?
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
- virtual log collector
Using the process here I was able to shovel syslog from a VLC to a 3rd party destination:
It worked very well for our needs. We did have some issues with header re-writes that caused us some grief, but with some poking we were able to successfully intake syslog into both NetWitness as well as sending to a 3rd party.