What kind of syslog server tool is best on Linux to capture the CyberArk logs into Splunk? We are planning to set up syslog on the heavy forwarder and directly monitor the inputs from the syslog location on the heavy forwarder.
Is it a best practice/doable to combine both on the same server? We don't have any dedicated syslog server in our environment.