PaulDotCom mailing list archives
Re: Splunk with Tunnel
From: "Bojan Zdrnja (SANS ISC)" <bojan.isc () gmail com>
Date: Wed, 18 May 2011 19:57:17 +0200
Michael,

On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:

> Has anyone ever tried using Splunk like in a managed services environment? Meaning a bunch of your customers' Splunk servers send data back to a main Splunk server through a tunnel of some sort. Replace Splunk == your product of choice

<disclosure> My company is a Splunk partner. </disclosure>

Well, if you have a Splunk forwarder running, it can send logs directly over an SSL connection. However, that would require all hosts to be able to connect to your main indexer, which is probably something the customer(s) won't like.

That being said - you have a zillion options with Splunk. You can run an indexer at each customer's site and then just search through logs from your central site. Or, you can have Splunk agents send logs to another forwarder which then sends logs to your site - that way, only 1 server needs to be able to connect to your site. Finally, you can tunnel this traffic through SSH or whatever you want ...

Hope this helps, shoot if you have more questions.

Cheers,

Bojan

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
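The single-egress layout described in the reply above (site forwarders send to one intermediate forwarder, which alone connects out to the central site over SSL), sketched as an added example that is not part of the original message or of Splunk's own documentation. Host names, certificate paths and the use of port 9997 are assumptions, and the setting names follow current Splunk `.conf` files, so they may differ on older releases.

```ini
# ---- Customer site, intermediate forwarder: inputs.conf ----
# Listen for the site's other forwarders on the internal network.
# Port 9997 is an assumed value.
[splunktcp://9997]
disabled = 0

# ---- Customer site, intermediate forwarder: outputs.conf ----
[tcpout]
defaultGroup = central_site
# Relay only; keep no indexed copy on this host.
indexAndForward = false

[tcpout:central_site]
# Assumed host name: the only outbound destination the customer firewall must allow.
server = splunk-central.example.com:9997
# Assumed path: client certificate and key identifying this customer site.
clientCert = $SPLUNK_HOME/etc/auth/site/forwarder.pem
sslPassword = <private-key-password>
# Refuse to send unless the receiver's certificate validates against the
# trusted CA and carries the expected name.
sslVerifyServerCert = true
sslCommonNameToCheck = splunk-central.example.com

# ---- Customer site, intermediate forwarder: server.conf ----
[sslConfig]
# Assumed path: CA that issued the central indexer's certificate.
sslRootCAPath = $SPLUNK_HOME/etc/auth/site/ca.pem

# ---- Central site, indexer: inputs.conf ----
[splunktcp-ssl:9997]
disabled = 0

[SSL]
# Assumed path: server certificate and key for the central indexer.
serverCert = $SPLUNK_HOME/etc/auth/central/indexer.pem
sslPassword = <private-key-password>
# Accept connections only from forwarders presenting a certificate
# signed by the trusted CA.
requireClientCert = true
```

With mutual certificate checks on both ends, the central indexer can be exposed to customer sites without accepting data from arbitrary hosts, and each site needs only one outbound firewall rule.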
Current thread:
- Splunk with Tunnel Michael Lubinski (May 18)
- Re: Splunk with Tunnel Jim Halfpenny (May 18)
- Re: Splunk with Tunnel Bojan Zdrnja (SANS ISC) (May 18)
- Re: Splunk with Tunnel Michael Lubinski (May 18)
- Re: Splunk with Tunnel Steven McGrath (Jun 20)
- Re: Splunk with Tunnel Michael Lubinski (May 18)