We have the below architecture flow for RSA SA SIEM logging.
End device >> VLC >> Log Hybrid >> Archiver >> ESA >> SA
We wanted to forward the raw logs of the end devices (which come to RSA SIEM) to LogRhythm SIEM.
Some of the end devices do have the option to enable syslog for multiple destinations, but not all of them.
I referred to the below documents but am not really sure if they serve the requirement.
It says that logs of "syslog devices" can be forwarded from the Log Decoder to another syslog server. But what about the other event sources like Windows, DBs, etc.?
Any suggestion/help around this would be much appreciated.