Hi Team
This is the list of servers in my current setup:
- CONSOLE server
- Apphost
- Event Flow Processor - receives events from the customers managed WinCollect servers
- Event Processor - receives events from the customer datacenter firewalls. Syslog, no encryption
- Event Collector - connected to WAN, receives events from unmanaged WinCollect on laptops
Problem:
I have some Fortigate Firewalls at a remote customers site.
How can I forward syslog events using TLS, from theese firewalls to my QRadar?
Is this possible using some kind of a shared secret, or does it have to be done using certificates?
best regards John
------------------------------
John Petersen
------------------------------