RSA Admin

How to receive log, forwarded by SPLUNK?

Discussion created by RSA Admin Employee on Jan 30, 2012
Latest reply on Feb 24, 2012 by securitysavy
I am able to forward log from SPLUNK to another syslog server. From envision side, I don't know how to receive it. I started to look at Manage file reader service under Universal device collection under system configuration. I am looking at similar message service like APACHE file reader service. I am not sure I should add SPLUNK into file reader service or LEA client Service or SDEE collection service. I would really appreciate your help. Thanks

Outcomes