Hi all
I have an specific use-case scenario were I'm testing out Elastic Agent on windows clients.
Some of these logs will be sent to the ELK SIEM for analysis, more debuging and version related information. Other logs like security events Is my goal to send to a separate syslog server. These logs shouldn't be available or sent at all to the ELK SIEM.
Been reading some documentation on Logstash. A Logstash server should fit my purpose, where It has the ability to ship logs do different syslog servers.
But I don't find any documentation on how to split the trafic depends on the event itself.
So Is my use-case even possible?
If so, should i configure the split in the agent Itself or should I go for a Logstash for this?
Thanks!