monitoring devices located in DMZ
Just wondering how everyone here collects from devices located in the DMZ. Would it be best to just add a new collector in the DMZ to collect from all devices, and punch a hole in the firewall straight to that collector? Or do simply punch holes straight to each device you need to collect from?
The most common thing I see is your latter suggestion: Firewall admins will open a very specific IP to IP, port to port hole/rule/exception (pick your favorite term) so the logs can get back to enVision.