How to send data to securonix servers from splunk

sbbadri
Motivator

Hi All,

Scenario:

I have 10,000 Universal Forwarders deployed on Windows servers, and those servers contain Windows event logs (security, authentication, etc.). I have three standalone Securonix nodes, and syslog-ng with a TCP port is enabled on all three Securonix servers. The requirement is to send Windows event logs from Splunk to the Securonix servers. I decided to follow the TCP filtering and routing method from Splunk to the Securonix servers.

Question/concern:

1) Can syslog-ng handle this huge traffic?
2) If syslog-ng is down, will it make the Splunk UF stop sending/ingesting data?
3) If syslog-ng is down or can't handle the traffic, will it make Splunk crash?
4) Is there any other best way to send data from Splunk to the Securonix servers?

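The following is an added example of the TCP routing setup the scenario above describes; it is not the poster's configuration and not Securonix or Splunk documentation. It assumes placeholder hostnames (`idx1.example.internal`, `securonix1.example.internal`, and so on), that syslog-ng listens on TCP 514 on each Securonix node, and that the standard Splunk `outputs.conf` and `inputs.conf` settings shown here (`sendCookedData`, `dropEventsOnQueueFull`, `_TCP_ROUTING`) behave as in the Splunk forwarder docs. A universal forwarder does not parse event content, so routing is done per input stanza with `_TCP_ROUTING` rather than with content-based `transforms.conf` rules; the `dropEventsOnQueueFull` setting is what keeps a down or slow syslog-ng receiver from back-pressuring the whole forwarder pipeline (the default of -1 never drops and will block).

```ini
# --- outputs.conf (on each universal forwarder, or pushed from a deployment server) ---
[tcpout]
defaultGroup = splunk_indexers

# Normal Splunk destination: cooked data with indexer acknowledgement.
# Hostnames are placeholders.
[tcpout:splunk_indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997
useACK = true

# Securonix destination: raw (uncooked) TCP stream into syslog-ng.
# Hostnames and port are placeholders for the three Securonix nodes.
[tcpout:securonix]
server = securonix1.example.internal:514, securonix2.example.internal:514, securonix3.example.internal:514
sendCookedData = false
# Spread the 10,000 forwarders across the three nodes; re-pick a target every 30 s.
autoLBFrequency = 30
# If every syslog-ng receiver is unreachable, wait 30 s and then drop events
# for THIS group only, instead of blocking inputs and the Splunk indexer group.
dropEventsOnQueueFull = 30
maxQueueSize = 50MB

# --- inputs.conf (same forwarder) ---
[WinEventLog://Security]
disabled = 0
# Route this input to both groups; inputs without _TCP_ROUTING go to defaultGroup only.
_TCP_ROUTING = splunk_indexers, securonix
```

With `sendCookedData = false` the forwarder writes the raw event text to the socket and adds no syslog header or framing, so the syslog-ng source on the Securonix side must be configured to accept unframed multi-line text (for syslog-ng that means a plain `tcp()` source with parsing disabled); if a proper syslog header is required, a heavy forwarder using a `[syslog:...]` output group is needed instead, because the universal forwarder does not support that output type. The `dropEventsOnQueueFull` timeout answers concerns 2 and 3 directly: events bound for Securonix are discarded after the timeout rather than stalling the forwarder, while the `splunk_indexers` group keeps its own queue and acknowledgement behaviour.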