We have a number of endpoints that exist in DMZ environments that are serviced by a VLC for log collection from syslog devices.
The hosts in the DMZ can only talk to the VLC and cannot talk back to any other NetWitness component, the VLC exists in a security zone that does have communication back to the core NetWitness components.
Is there, or will there be the capability to have Endpoint agents check in and send logs to VLCs? I know there is the Endpoint Relay Server but my understanding is that only gives endpoint data, it doesn't do log shipping?
The Endpoint relay only does Endpoint data, however, in the agent policy you can define where the logs are sent. If you are using a connection oriented protocol, you could configure failover as well. The environment I logged into to get this screenshot only has one collector so I am unable to illustrate that as well.