Please kindly give suggestions on the below:
I'm intending to find the best multi-domain architecture design for security logs collection to Log & Events Manager from several domain controllers (within different trees in a forest all joined together by trust relationships) on our infrastructure.
Points to note:
1. High Availability design for the LEM console at all times in order to avoid a SPOF (single point of failure for log collection).
2. Log collection from at least 55 domain controllers (this is being streamlined shortly into 10 DCs across all our worldwide offices).
3. Suggestions on the best setup or configuration to utilize the least bandwidth and overhead.
4. Would you suggest the usage of Kiwi Syslog servers to collate logs centrally before forwarding to the LEM console, or forwarding logs directly from devices to the LEM?
5. Scalability down the line is a factor in terms of further acquisitions by the company and other Syslog network devices forwarding logs.
Any suggestions on the best design approach would be very much appreciated.
Kind Regards,