We have some MS PDW (parallel data warehouse) servers that are vendor appliances, so we are not allowed to install the forwarder on them. I'm trying to figure out if there is a way to collect the security event logs from these servers without having the Universal Forwarder installed. Any ideas?
You could have them SFTP'ed or syslogged to another machine with the Universal Forwarder on it