https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475897#M81671 <P>Hi</P> <P>If all those hosts are windows then maybe the easiest way is put one or more heavy/universal forwarders there as “gateway forwarder”. Then point all other UFs to send to those and those relay events to your main site.</P> <P>R. Ismo</P> Wed, 19 Feb 2020 17:46:16 GMT isoutamo 2020-02-19T17:46:16Z https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475896#M81670 <P>Hello, </P> <P>We have a relatively small network on a remote location that needs to forward logs onto our Splunk Instance, this remote system has particularly low bandwidth per its location.</P> <P>During our Splunk original architecture call we were advised to setup a syslog collector on this remote network, and setup a scheduled time were logs can be forwarded to the Main Splunk instance for indexing with the idea being setting this task for overnight hours.</P> <P>Since ALL systems are Windows based in this remote location, the current question we face is, in your experience - Which is the preferred syslog collector for Windows that will easily integrate with Splunk?<BR /> is Syslog-NG the best/most common application for this task?</P> <P>thank you,</P> Tue, 18 Feb 2020 15:54:17 GMT https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475896#M81670 offspringinc 2020-02-18T15:54:17Z https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475897#M81671 <P>Hi</P> <P>If all those hosts are windows then maybe the easiest way is put one or more heavy/universal forwarders there as “gateway forwarder”. Then point all other UFs to send to those and those relay events to your main site.</P> <P>R. Ismo</P> Wed, 19 Feb 2020 17:46:16 GMT https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475897#M81671 isoutamo 2020-02-19T17:46:16Z https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475898#M81672 <P>Perhaps you should consider using Windows Event Forwarding to a local server (<A href="https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection">https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection</A>) and use a Splunk forwarder to send the logs to your Splunk instance. To meet your need to send the logs off-hours, write a powershell script to enable/disable splunkd as required to meet your transmission requirements.</P> Wed, 19 Feb 2020 18:01:18 GMT https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475898#M81672 mydog8it 2020-02-19T18:01:18Z https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475899#M81673 <P>Yes, that may be a good option and because our limited bandwidth is our biggest challenge, to the tune of 1mb up/down rural and unsteady speeds we really need to limit log forwarding to a specific time of night.</P> <P>Another point I forgot to note is that we'll be 'eventually' adding networking devices such as Firewall, Network Switches, and a VPN appliance, these will need a syslog server. <BR /> We use R-Syslog on our parent network, and for that reason we're looking at alternatives that have worked well for you guys to use with Splunk from a Windows System, unfortunately standing up a Linux server is not an option in this environment.</P> <P>Any other syslog servers recommendations welcomed.</P> <P>Thank you folks.</P> Wed, 19 Feb 2020 18:16:17 GMT https://community.splunk.com/t5/Getting-Data-In/Recommended-R-Syslog-equivalent-collector-for-Windows-systems/m-p/475899#M81673 offspringinc 2020-02-19T18:16:17Z