I currently have the Windows security operations center installed on a Windows 2008 R2 server. I would like to capture audit logs from a Linux machine and integrate this into the Splunk Enterprise server to review the logs.
I am collecting logs to be compliant with DIACAP. I tried using the universal forwarder for Linux and attempted writing my own app (nav, views, eventtypes, etc.) and was quickly overwhelmed.
Can someone recommend the appropriate app to collect audit logs from a Linux machine and display them on a Windows indexer (Splunk Enterprise)?
Thank you.
Also, is there any service out there that I can pay to have a custom application built specifically to meet the requirements of DIACAP for auditing Windows and Linux?
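As an added illustration (not part of the original post, and not an official Splunk app), the minimal universal forwarder configuration that ships Linux auditd logs to a Splunk Enterprise indexer without writing any app at all. The two files live under the forwarder's `$SPLUNK_HOME/etc/system/local/` directory (or in a small app directory of your own). The indexer hostname `splunk-indexer.example.local`, the receiving port 9997, and the index name `linux_audit` are assumptions for the example; the indexer must have a receiving port enabled (for example `splunk enable listen 9997` run on the indexer) before the forwarder can connect.

```ini
; inputs.conf  (on the Linux host running the universal forwarder)
; Tails the auditd log written by the kernel audit subsystem.
; The forwarder process must be able to read this file; on most
; distributions /var/log/audit/audit.log is root-only, so either run
; the forwarder as root or grant read access to the splunk user.
[monitor:///var/log/audit/audit.log]
; 'linux_audit' is a sourcetype understood by the Splunk Add-on for
; Unix and Linux; using it lets that add-on's field extractions apply
; at search time on the indexer.
sourcetype = linux_audit
; Assumed index name; create the same index on the indexer first.
index = linux_audit
disabled = 0

; outputs.conf  (same forwarder)
; Sends everything the forwarder collects to the assumed indexer.
[tcpout]
defaultGroup = primary_indexer

[tcpout:primary_indexer]
; Assumed indexer hostname and receiving port.
server = splunk-indexer.example.local:9997
```

After restarting the forwarder (`$SPLUNK_HOME/bin/splunk restart`), events should appear in the indexer under `index=linux_audit sourcetype=linux_audit`; the dashboards and views the question asks about can then be built, or taken from an add-on, on top of that data rather than written from scratch.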