Firewall is sending syslog to LEM over internet but in that case when there is an internet outage, we lose the logs. Can we install a LEM agent in windows/linux machine in customer premise where firewall is deployed and on any Firewall Syslog to LEM agent and further it take it to LEM server? I know I can install Kiwi server but in that case, buying KIWI server for each customer would be very expensive.
The Agent isn't listening on any port for Syslog traffic, nor does it have to have the ability to receive syslog directly. Something else would need to do that and write it to the file system (like Kiwi) where the Agent can get it.