I have recently (yesterday) installed a new instance of Splunk on a VM. Another VM in a separate datacentre has the Splunk forwarder installed on it.
Whilst the data being indexed isn't highly s...
In the environment:
Windows:Security, Windows:Application and Windows:System being logged on Windows servers and sent via Universal Forwarder and Splunk_TA_Windows (about 300 forwarders on w...
...onfigures inputs.conf to monitor some basic win event logs (e.g. System, Security, Application).
Both of the troublesome forwarders are on machines in a dmz and were installed by the same p...
...P:port) can forward data and it will be well received.
My question here is: I think I am missing something but...
If a forwarder is a malicious or external one that can infect or disable the w...
...here are no forwarders. (I see Splunk recommends using forwarders, but we choose another route) and so no deployment server
HEC is enabled in indexers and our Java-based application sends data to HEC i...
...intel servers.
My question: how is data secured as it is sent to syslog (Splunk server)?
SSH, TLS
Is there a preference?
Any info you can provide is appreciated.
...ed to the indexer(s)?
For example: I have security relevant log data and I want this data to be forwarded first, every time. So that non-security relevant data is held back until the security r...
So I have an interesting problem, and I figure I would ask for some ideas on here.
I have a large stream of secure and unsecure data going to a Heavy forwarder. Currently we are black holing s...
...ile on the DC with the forwarder works fine, with no notable latency sending data to the indexers.
Clearing the Windows Security log allowed the events to catch up for a short while, but they q...
...ndexers in the 4th region.
Now the requirement is to secure the forwarded data using different certificates for each location. Server certificate could be same but the client certificates should be u...