I am a complete noob and I need help configuring two forwarders using a deployment server:
Forwarder A
Need to monitor index.log from 3 apache directories /opt/log/www* << Do I need a whitelist or blacklist here? If so, need help there too.
Need them to go to index=www
Need to label host as webA webB and webC
Forwarder B
Need to monitor denied.log from /opt/log/syslog << Do I need a whitelist or blacklist here? If so, need help there too.
Need to monitor allowed.log from /opt/log/syslog
Need them to go to index=firewall
Need to label host as firewall1
Thank you