Hi,
I want to collect ePO logs and want to install a heavy forwarder on a Windows box for Splunk Cloud. This heavy forwarder will only be used to collect ePO and McAfee web gateway logs.
Is it okay to install the heavy forwarder as a local system user or is it recommended to be a domain user?
I will be installing the Splunk Add-on for McAfee and ePO add-on as well -- will the local system user or domain user (to install HF) make any difference?
thanks in advance.
↧