The following deployment example uses two syslog servers located in different cities. SEM can capture logs from multiple remote locations across wide area network (WAN) links. Because the SEM Agent includes built-in encryption, compression, and buffering capabilities, this can be done securely and efficiently.
Instead of using the syslog server built in to the SEM Manager component, this design calls for one syslog server per location. When using a detached syslog server, you need to install a SEM Agent on each detached server, and then enable the appropriate connectors on the SEM Agent. Following configuration, the SEM connectors normalize raw log messages into SEM events.