Michael, On Wed, May 18, 2011 at 4:09 PM, Michael Lubinski <[email protected]> wrote: > Has anyone ever tried using Splunk like in a managed services environment. > Meaning a bunch of your customers Splunk servers send data back to a main > Splunk server through a tunnel of some sorts. > Replace Splunk == your product of choice
<disclosure> My company is a Splunk partner. </disclosure> Well, if you have a Splunk forwarder running it can send logs directly over an SSL connection. However, that would require all hosts to be able to connect to your main indexer which is probably something the customer(s) won't like. That being said - you have zillion options with Splunk. You can run an indexer at each customer's site and then just search through logs from your central site. Or, you can have Splunk agents send logs to another forwarder which then sends logs to your site - that way, only 1 server needs to be able to connect to your site. Finally, you can tunnel this traffic through SSH or whatever you want ... Hope this helps, shoot if you have more questions. Cheers, Bojan _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
