PaulDotCom mailing list archives

Re: Splunk with Tunnel


From: "Bojan Zdrnja (SANS ISC)" <bojan.isc () gmail com>
Date: Wed, 18 May 2011 19:57:17 +0200

Michael,

On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:
> Has anyone ever tried using Splunk like in a managed services environment?
> Meaning a bunch of your customers' Splunk servers send data back to a main
> Splunk server through a tunnel of some sort.
> Replace Splunk == your product of choice

<disclosure>
My company is a Splunk partner.
</disclosure>

Well, if you have a Splunk forwarder running it can send logs directly
over an SSL connection. However, that would require all hosts to be
able to connect to your main indexer which is probably something the
customer(s) won't like.

That being said - you have a zillion options with Splunk. You can run an
indexer at each customer's site and then just search through logs from
your central site. Or, you can have Splunk agents send logs to another
forwarder which then sends logs to your site - that way, only 1 server
needs to be able to connect to your site.

Finally, you can tunnel this traffic through SSH or whatever you want ...

Hope this helps, shoot if you have more questions.

Cheers,

Bojan
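
The relay topology described in the reply above (site agents send to one intermediate forwarder, which alone connects out to the central indexer over SSL), sketched as an added configuration example that is not part of the original post. Hostnames, ports, file names and the password placeholders are assumptions; the setting names are those of current Splunk releases and may differ on older versions.

```ini
# Customer-site intermediate forwarder: inputs.conf
# Listens for the customer's internal forwarders (port 9997 is an assumption).
[splunktcp://9997]

# Customer-site intermediate forwarder: outputs.conf
# This is the only host at the site that needs outbound access to the provider.
[tcpout]
defaultGroup = msp_central

[tcpout:msp_central]
# Placeholder name and port for the provider's central indexer.
server = indexer.msp.example:9998
# Per-customer client certificate (placeholder path), so the indexer can
# tell which site a connection comes from.
clientCert = $SPLUNK_HOME/etc/auth/customerA-forwarder.pem
sslPassword = <private key password>
# Verify the indexer's certificate and its name instead of accepting any
# SSL endpoint; the trusted CA is set in server.conf, [sslConfig] sslRootCAPath.
sslVerifyServerCert = true
sslCommonNameToCheck = indexer.msp.example

# Provider central indexer: inputs.conf
# SSL-only receiving port for the customer relays.
[splunktcp-ssl:9998]

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/indexer.pem
sslPassword = <private key password>
# Refuse relays that do not present a certificate signed by the trusted CA.
requireClientCert = true
```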