I am trying to send syslog data to Storm, but I have 2 issues:
- I cannot specify another destination than UDP 514 on my servers.
- The IP of my servers is not static, and I cannot maintain them in the project whitelist.
And I would like to set up an intermediate server to solve those 2 issues. I know how to set up a syslog server to redirect, but I would like to achieve the same with a Splunk Universal Forwarder to get the authentication and the encryption.
Is it possible to completely remove the syslog server and have Splunk listening on port UDP 514?