During a failover test, we noticed that logs from EPO stopped flowing because the SIEM was configured to collect logs based on IP address. I was wondering if there was a way to configure log collection with hostname.
If not possible, are there any alternatives that may work similarly? We do not want to have 2 separate log sources, one that is the primary and another failover source. This will always result in at least 1 being offline at all times.