We are running SA 10.5.
Currently, most of our logs are sent to Graylog, helping out DevOps teams on operational matters. Windows logs are sent up with NXLog, we have some syslog, and app logs are sent with graylog-collector in GELF or plain format.
In order to support our security analysts as well, using SA, I'd like to send the raw logs that are coming to Graylog right before they enter, for example with Logstash to split the flow.
My question is: Can I send a stream of logs directly to the VLC's RabbitMQ? What would be alternative ways to push logs out to the RSA chain otherwise? Straight to the decoder somehow? Or ESA?