We have placed the ERC and ESM servers over the WAN in a datacenter and want all the devices within a LAN behind NAT to send their logs to the ERC.
Is it possible to add those devices, particularly Windows servers, as separate data sources in the ESM? Or do I have to add only one data source which is going to accept all the logs of the devices behind the NAT?
You will need lots of FW rules and NAT'ing in place, also encryption. Why not put the ERC over on the other side, and connect ESM and ERC over the internet?
We have our ESM and ERC servers deployed over the WAN in a datacenter. Now we want to add devices (servers/switches) in the ESM that are deployed in one of our sites which are behind a LAN. We are thinking of deploying an additional ERC on this site with internet connectivity and configuring the event log collector agents running on the devices that are in the site behind the LAN to connect to the ERC placed in the site. We will then add the ERC in the ESM as an asset.
Is this model going to work in this scenario?