Hi.
How is everyone collecting syslogs from Cloud applications? Do you have to open a port on your perimeter firewall or are their other ways?
You have a few options based on your preferences:
- If you can have a fixed IP for your cloud application, you could setup a collector that is only reachable from that IP and work that way
- If you have applications in IaaS/PaaS (AWS, GCP, Azure), you can setup a collector in that environment without exposing it to the internet and just allow the traffic “internally” through vnet, security groups, etc.
- You could setup a VPN connection between your cloud environment and you existing infrastructure that hosts your collector
- Some solutions offer export to S3 and you could ingest that from a collector as well (I don’t believe Blobs are supported at the moment) - that would not be syslog though