I have three environments, India, UK and Australia, connected with each other using MPLS links. All locations have their own servers, routers and firewalls. The ultimate goal is to implement a SIEM, but before that I would like to deploy a syslog solution, and that should be compatible with any SIEM such as Splunk, SolarWinds or QRadar (the plan is to deploy an on-prem SIEM only).
1. What is the best way to deploy syslog: keep the three environments separate and install 3 Kiwi Syslog servers?
2. Is it possible to collect logs locally and send them in a compressed and encrypted manner to a central database?
3. Can that central database later forward logs to the SIEM?
I am very much confused about the best way. I have read enough about SIEM, and a lot of enterprises have had failed implementations because they just don't set up logs and use cases properly; hence we have taken the call that we will install Centralized Log Management (CLM) first, and I am looking for expert guidance and opinion here.
Regards
Arun Soni
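One way to realise the architecture asked about in questions 2 and 3 (collect per site, forward compressed and encrypted to a central collector, then relay to the SIEM) with rsyslog, given here as an added illustration and not as part of the original post or any named product. Hostnames, certificate paths, queue sizes and the SIEM listener port are placeholders; the SIEM leg is shown as plain TCP and should use TLS as well if the SIEM supports it.

```rsyslog
# file: /etc/rsyslog.d/10-site.conf  (site collector, e.g. India; same pattern for UK/AU)
# Placeholder TLS material: one CA for all sites, per-host cert/key.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/site-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/site-key.pem"
)
# Accept syslog from the site's servers, routers and firewalls on the local LAN.
module(load="imudp")
input(type="imudp" port="514")
# Keep a local copy so the site is not blind if the MPLS link drops.
action(type="omfile" file="/var/log/site-all.log")
# Forward to the central collector: TLS only (mode 1), verify the collector's
# certificate name, zlib-compress the stream, and use a disk-assisted queue so
# messages are buffered across WAN outages and retried indefinitely.
action(type="omfwd"
  target="logcentral.corp.example" port="6514" protocol="tcp"
  StreamDriver="gtls" StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logcentral.corp.example"
  compression.mode="stream:always" ziplevel="6"
  queue.type="LinkedList" queue.filename="fwd_central"
  queue.maxDiskSpace="2g" queue.saveOnShutdown="on"
  action.resumeRetryCount="-1")

# file: /etc/rsyslog.d/10-central.conf  (the "central database" of the question)
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/central-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/central-key.pem"
)
# Accept TLS only, and only from site collectors whose certificate name is listed.
module(load="imtcp"
  StreamDriver.Name="gtls" StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["site-in.corp.example","site-uk.corp.example","site-au.corp.example"])
input(type="imtcp" port="6514" ruleset="central")
# Archive by source host and day, then relay a copy to the on-prem SIEM (question 3).
template(name="perhost" type="string"
  string="/var/log/central/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")
ruleset(name="central") {
  action(type="omfile" dynaFile="perhost")
  action(type="omfwd" target="siem.corp.example" port="514" protocol="tcp"
    queue.type="LinkedList" queue.filename="fwd_siem"
    queue.saveOnShutdown="on" action.resumeRetryCount="-1")
}
```

Because the central node keeps its own archive, the SIEM can be added or replaced later by changing only the last action, which is the decoupling the CLM-first approach is meant to give.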