
Forwarding iDRAC Logs to Splunk with syslog-ng

I'm a firm believer in centralized logging of everything. If it supports sending some sort of log stream to a remote location, it should be getting sent there. In my case, my lab utilizes Splunk through the developer license.

As of today, all of my logs for Windows, Linux, firewalls, Duo, and a few other random things are in Splunk.

I actually realized I wasn't forwarding the logs when I went to update my iDRAC controller and BIOS firmware. It had been a while since I did that, so while I was in there I was validating that all my other settings were as expected and realized syslog was not configured.