Good Morning,
We have about 1600 Windows servers in multiple domains with the Snare client sending to a central syslog server that forwards to one of our log hybrids. I am only seeing around 700 servers getting to the log hybrid. I need to determine which servers are not getting through the firewalls. Is there a way to run a report of DNS names getting to the log hybrid? If I had the domains that are being ingested I could determine which domains are not getting through.
Thanks for any help,
John
select device.name.
Can you monitor the device IPs from logdecoder-stats?
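
The comparison asked about in the original question, as an added example that is not part of the thread or of any product's tooling: it takes the server inventory and the device names exported from a report and lists, per domain, which servers never showed up. It assumes both are available as plain lists of names; the function names and the sample hosts are constructed for illustration.

```python
from collections import defaultdict

def normalize(name):
    """Lower-case, trim whitespace and a trailing dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def split_fqdn(name):
    """Return (host, domain); domain is '' when only a short name was logged."""
    host, _, domain = normalize(name).partition(".")
    return host, domain

def coverage_by_domain(expected, seen):
    """Group inventory FQDNs by domain and list those absent from the export."""
    seen = [s for s in seen if s.strip()]
    seen_fqdn = {normalize(s) for s in seen}
    # Agents that report a bare host name are matched on the host part only.
    # This can hide a gap if two domains reuse the same host name.
    seen_short = {split_fqdn(s)[0] for s in seen if not split_fqdn(s)[1]}
    report = defaultdict(lambda: {"expected": 0, "missing": []})
    for name in expected:
        if not name.strip():
            continue
        host, domain = split_fqdn(name)
        report[domain]["expected"] += 1
        if normalize(name) not in seen_fqdn and host not in seen_short:
            report[domain]["missing"].append(normalize(name))
    return dict(report)

def silent_domains(report):
    """Domains where no server at all is reporting (likely a blocked path)."""
    return sorted(d for d, e in report.items()
                  if len(e["missing"]) == e["expected"])

# Constructed sample data: inventory list and exported device names.
INVENTORY = ["web01.corp.example.test", "db01.corp.example.test",
             "app01.dmz.example.test", "app02.dmz.example.test",
             "FS01.lab.example.test"]
SEEN = ["WEB01.corp.example.test", "db01", "fs01.lab.example.test.", ""]

if __name__ == "__main__":
    result = coverage_by_domain(INVENTORY, SEEN)
    for domain, entry in sorted(result.items()):
        got = entry["expected"] - len(entry["missing"])
        print(f"{domain}: {got}/{entry['expected']} reporting")
        for host in entry["missing"]:
            print(f"  missing: {host}")
    print("silent domains:", silent_domains(result))
```

A domain that is entirely silent points at the network path for that domain, while a domain with only a few missing hosts points at the agents on those hosts.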