Hi, I always appreciate your taking the time to answer my question.
We will connect independent systems using the L3 Switch and send the syslog to the cyber security operation center (CSOC) like attached picture. (Network switch will send via syslog function, and Splunk forwarder will be installed on workstation)
Since the application that was installed in the workstation cannot be modified, the IP address of server cannot be changed.
For example, if there is an application that communicates with a server having address of 192.168.0.10, it is impossible to change the server IP address because the application code cannot be modified.
Splunk Enterprise SIEM will be installed in CSOC, and Heavy Forwarder will be used as the agent for syslog transmission.
If IP addresses are duplicated between independent systems, is there a problem in transmitting logs?
Also, is there a function to transfer syslog by changing the source IP address to distinguish assets?
Or is there another way to differentiate between assets?
Best regards,
