We have a customer that insists on RSA providing "an all inclusive list of the syslog forwarders that SA/NW supports."
We know that as long as the/any syslog forwarder "forwards" the events to us without modifying the format or stripping out data, then we can ingest it, parse it, and away we go.
Our customer is convinced that we need to have a list of supported forwarders that we can hold up and scrutinize any program who claims to need to use one. Anyone trying to use an "unsupported" forwarder may be told to either switch forwarders or send logs directly to a LD/VLC.
Has anyone seen such a list of supported forwarders?