I am looking for an efficient way to have my ELK stack SIEM pull Alert and Audit logs from my three ePO servers. Each ePO server will only be able to use UDP, as the rest of the environment is locked down, and they are in different parts of the overall environment, with two ePO servers in different zones connected via routers.
Is this something that has been done, or can it be done? Any and all thoughts and assistance are appreciated.