For security reason , in our project we want that the log files (audit logs,developer's logs etc) should not go outside our server. So, I want to know whether splunk saves a copy of the log files in their server side.How exactly it works .
Also,whether splunk is able to give multilingual support of the log files.
Not sure what you mean by "their server side". Splunk stores all events in its "database" (in Splunk terms called an "index") on the machine that you've installed Splunk on. No events or other info is sent out from your networks.
As for multilingual support, I don't understand what you mean by that. Please clarify.
If you're looking into performing an RFP / evaluation with Splunk I think the best idea is to contact Splunk sales.
Splunk saves all raw logs just as they are - it doesn't change them in any way. So if you have logs in, say, English, then that's the language you will see. (This goes for any solution out there - I'm pretty sure no log management / SIEM solution performs on-the-fly translation)
Full requirement of Logging:
1.Logs must be tamper-evident
2.Log functionality must support logging of sensitive data (ie: encrypted, and viewable/decrypted only by authorized users)
3.The system shall support “centralized” log functionality
4.The system must support authorization for viewing/configuring logs
5.The system must provide functionality to view, search and filter logs,
6.the system shall support reporting/printing/exporting logging data
7.The system must support “administration/configuration” of logs
8.Logging must support multi-language
Whether these are fulfilled by splunk.
First of all thank you for your answer.
By multilingual support I mean; log should support multiple language,i.e. logs can be displayed in multiple language.