Deployment Architecture

How to send data to securonix servers from splunk

sbbadri
Motivator

Hi All,

Scenario:

I have 10000 Universal Forwarders deployed on Windows servers, and those servers contain Windows event logs like security, authentication, etc. I have three standalone Securonix nodes, and syslog-ng with a TCP port is enabled on all three Securonix servers. The requirement is to send Windows event logs from Splunk to the Securonix servers. I decided to follow the TCP filtering and routing method from Splunk to the Securonix servers.

Question/concern:

1) Can syslog-ng handle this huge traffic?
2) If syslog-ng is down, will it make the Splunk UF stop sending/ingesting data?
3) If syslog-ng is down or can't handle the traffic, will it make Splunk crash?
4) Is there any other, better way to send data from Splunk to the Securonix servers?

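Added example (not the poster's configuration) of the syslog routing the scenario describes: Splunk's syslog output groups pointing at the three Securonix syslog-ng TCP listeners, with a routing transform applied to the Windows event log sources. It lives on the indexers or heavy forwarders that receive the UF traffic, because syslog output needs the parsing pipeline that a universal forwarder does not have; host names, ports and stanza names are placeholders.

```ini
# outputs.conf (indexers / heavy forwarders, NOT the universal forwarders).
# One syslog target group per Securonix node: a syslog group takes a single
# server, so there is no load balancing across the three nodes here; the
# routing transform below sends a copy of each event to every group.
# Host names and ports are placeholders for this example.
[syslog:securonix_node1]
server = securonix-node1.example.internal:514
type = tcp

[syslog:securonix_node2]
server = securonix-node2.example.internal:514
type = tcp

[syslog:securonix_node3]
server = securonix-node3.example.internal:514
type = tcp

# props.conf: attach the routing transform to Windows event log sources.
# Classic rendering uses sources such as WinEventLog:Security; XML rendering
# (renderXml=true) uses XmlWinEventLog:Security, so both patterns are covered.
[source::WinEventLog:...]
TRANSFORMS-routing_securonix = send_to_securonix

[source::XmlWinEventLog:...]
TRANSFORMS-routing_securonix = send_to_securonix

# transforms.conf: match every event from those sources and set the syslog
# routing key to all three target groups. Narrow REGEX (for example to
# specific EventCodes) if only part of the event log volume is wanted.
[send_to_securonix]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = securonix_node1, securonix_node2, securonix_node3
```

Indexing continues as usual because _SYSLOG_ROUTING adds a syslog copy rather than replacing the index destination; to send only to Securonix, _TCP_ROUTING or a nullQueue transform would be needed in addition.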