Out siem requires to receive the logfiles once an hour.
Currently we send out the files from all proxies together the same time. So the load on the Siem interface is loaded 100% for a few minutes.
I know we can configure each proxy seperatly to upload the files one after another: (1:00, 1:02 1:04...)
But throttleing the upload would it make much easier for us :-)
Is there a specific reason that you cannot send the logs more frequently and therefore reduce the overall load on the SIEM? We currently push our log data at the lowest configurable increment of every 5 minutes.
I'm not sure if the field for Enable scheduling of log file rotation affects the field for Enable interval based log file rotation. If it does, you might be able to set up different Policy -> Settings -> File System Logging entries for each system and offset the daily rotation time value by a minute or so for each individual proxy. But I think that's what you were referring to when you said you could configure each proxy to upload the files one after another.
Another possibility, if your architecture supports it, would be to stream the log data via syslog to the SIEM.