So lets say i have an syslog aggregator and i let 10 firewalls send their logs to the aggregator and the aggregator sends it vclog.
how many licenses do i need?
I believe you still need at least 10 licenses since each of the original message from your firewalls with have a source hostname/IP. Log Insight counts any unique device or operating system as needing a license.
I believe you still need at least 10 licenses since each of the original message from your firewalls with have a source hostname/IP. Log Insight counts any unique device or operating system as needing a license.
Log Insight charges per the hostname field of a syslog message (the originator of a syslog message). So in your example you would need at least 10 licenses. If the syslog aggregator (which would be represented at the source field of the syslog message) was also forwarding its logs then you would need 11 licenses.
If your question is answered can you please mark it as answered? Thanks!
