We have a SaaS offering which is hosted in the cloud and offers syslog output. We would like to send this directly to Rapid7 but would prefer not to have to create additional firewall policies to send the data into our network and then back out again. Is there a way to send unsupported syslog direct to R7?
Currently the functionality you are looking for doesn't exist in InsightIDR. We do have the concept of forwarding logs directly to log search in our InsightOps product: Plain TCP/UDP | InsightOps Documentation
However, this method would not be advisable as it is plain TCP/UDP; also, any data not sent via a collector does not pass through the InsightIDR pipeline for data processing, and therefore the logs cannot be custom parsed.
We are working toward the concept of a cloud-based collector. We are hoping to deliver this, starting with our Cloud Services event sources, some time next year. This would allow customers to configure cloud-to-cloud event sources, which is effectively what you are requesting.
We had a similar requirement here.
Ended up standing up some lightweight VMs in AWS and set them up as collectors. It's worked well for us for the last 8 months or so. Cost is relatively low also, as they don't do that much.