Hi,
I am wondering what are the pros and cons of the following two logging setups:
- All hosts run rsyslog and forward logs to a central server. Install Splunk Forwarder only on the central server and forward logs to Splunk server.
- Install Splunk Forward on every host and have logs forward to the Splunk server.
Would appreciate if anyone can share his/her experience. Thanks.