I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it.
I have a Distributed environment and have installed Splunk Add-on for Cisco ESA on both Search Head & Deployment Server. The question is:
On Cisco ESA, the logs are currently configured through FTP and I was wondering if there is a way to push/share or access these logs or should I use the SCP method.
I would greatly appreciate your suggestions.
Thanks in advance,