We currently use nxlog on our Windows domain controllers to forward logs to one destination.
With nxlog I can forward the logs to another destination and I'd like to forward the Windows event logs to our Splunk instance in Azure. With that, can I forward the domain controller logs to an on-prem heavy forwarder and then have the heavy forwarder forward the domain controller logs to Splunk in Azure?
Basically, can the heavy forwarder function as both a receiver and forwarder?
Thx