There are around 400 servers, which are already forwarding the required logs to IBM QRadar using rsyslog. Instead of installing universal forwarders on every server, I want to add one more forwarder (Splunk HWF) in the rsyslog config in order to receive logs from every server.
• What utility do I need to install on the log collector?
• Can I install this utility on the HWF itself, as the load is very low on this server?
• Where will I define the index and sourcetype details in this case?