Hi Wasfi,
The Reporter doesn't actually relay the ProxySG Access Logs to the Management Center (MC). The MC queries Reporter for reports, and then MC displays the data it is given. If the Reporter server goes offline, Management Center is unable to generate any reports.
Your best bets are going to be either to have a separate FTP server that everything offloads to, and have it send a copy to both Reporter and Splunk, or to create policy on the ProxySG to log actions twice, and have the second log go to Splunk. An example of how to do the latter can be found here. You would want to change the trigger from subnet to protocol.
Thanks!
Original Message:
Sent: 07-31-2020 10:19 PM
From: Wasfi Bounni
Subject: Can the Reporter relay Proxy SG access logs to a Splunk Server
Hi;
As the Reporter can relay Proxy SG access logs to the Management Centre, can it be used to relay them to a Splunk server?
Kindly
Wasfi