we are working with a Heavy forwarder and its receiving logs from a lot of sources and of course sending them into a Splunk Indexer. However, now I'm trying add the functionality to forward (firewall) logs of a specific sourcetype via syslog to another instance which is not from Splunk using a certificate.
I tried the steps of the documentation but i wasn't able to do it work properly. Can you give me some help with this please?
PD: The documentation i was using: http://docs.splunk.com/Documentation/Splunk/6.5.2/Forwarding/Forwarddatatothird-partysystemsd
Thanks you in advance
Can you describe more about the issue you are facing ? Is there an error you are getting or is it just not forwarding anything ?
Thanks for your response.
I'm receiving firewall logs into a heavy forwarder and i need to send those logs to 1) Splunk indexers and 2) McAfee SIEM using certificate for the second. but i have no idea how to do it, I tried to send syslogs to another instance and it worked but i dont know how to do it using certificate. Ofcourse it needs to be a certificate who can work with splunk and mcfee
Yes, thats exactly my issue.
In addition: I was making some test and i was able to send those logs to another instance but if you have a guide like "better practices" to do this, i would be very grateful.