Using Nxlog as syslog forwarder
Tags: syslog
#1
jd01
I'm currently using nxlog to filter and forward syslog: Source => Filter Logs on intermediate server with nxlog installed => forward udp 514 (syslog).
Config looks like the following:
```
# Block tags were lost in the post as shown; the block names below are taken
# from the Route path. The Extension and Route names are assumed.
<Extension syslog>
    Module  xm_syslog
</Extension>

#syslog to Nxlog01
<Input _sys_in>
    Module  im_udp
    Port    514
    <Exec>
        if (($Message =~ /REGEX/)
            or ($Message =~ /REGEX/))
            drop();
    </Exec>
    Exec    if $MessageSourceAddress != "1.1.1.1" drop();
</Input>

<Processor _sys_norepeat>
    Module       pm_norepeat
    CheckFields  Hostname, Message, SourceName
</Processor>

#Syslog Output to DST server
<Output _sys_out>
    Module  om_udp
    Host    dstserver_ip
    Port    514
    Exec    to_syslog_bsd();
</Output>

<Route 1>
    Path    _sys_in => _sys_norepeat => _sys_out
</Route>
```
Firstly, is this possible with the CE agent?
I already performed a tcpdump on the intermediate server where nxlog is installed and I can see the syslog being received but not sent after filtering. There is UDP 514 connectivity between the nxlog server and the destination server.
I tried:
* Removing all regex filtering (since I thought my regex wasn't good enough), no results.
* Changing im_udp to im_tcp (I thought maybe you can't use the same port in both input and output modules).
* Checking whether there actually is network connectivity between the nxlog server and the destination server using nc by sending a UDP 514 packet to the dst server.
Can anyone help with this?
It seems you are missing a `parse_syslog();` call...
```
HERE!!!
if (($Message =~ /REGEX/)
```
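The following configuration is an added example, not code from the thread, showing the same pipeline with `parse_syslog()` placed before anything that reads `$Message`. With `im_udp` alone the incoming line only lives in `$raw_event`; `$Message`, `$Hostname` and `$SourceName` do not exist until `parse_syslog()` fills them, so the regex filter cannot match and `pm_norepeat` has nothing to compare. `$MessageSourceAddress`, by contrast, is set by `im_udp` itself, which is why that check behaves the same with or without the parser. The Extension and Route names (`syslog`, `syslog_forward`) are assumed; `/REGEX/`, `1.1.1.1` and `dstserver_ip` are the post's placeholders.

```nxlog
# Added example (not the poster's config): parse first, then filter.

<Extension syslog>
    Module  xm_syslog
</Extension>

<Input _sys_in>
    Module  im_udp
    Port    514
    <Exec>
        # Populate $Message, $Hostname, $SourceName, $SyslogFacility, ...
        # from $raw_event. Without this call $Message is undefined and
        # neither regex below can ever match.
        parse_syslog();

        # im_udp sets $MessageSourceAddress on its own, so this works either
        # way. Note it drops everything NOT from 1.1.1.1 (a placeholder here).
        if $MessageSourceAddress != "1.1.1.1" drop();

        # Message-text filter; now runs against a populated $Message.
        if (($Message =~ /REGEX/)
            or ($Message =~ /REGEX/))
            drop();
    </Exec>
</Input>

<Processor _sys_norepeat>
    Module       pm_norepeat
    # These fields only exist because parse_syslog() ran upstream.
    CheckFields  Hostname, Message, SourceName
</Processor>

<Output _sys_out>
    Module  om_udp
    Host    dstserver_ip
    Port    514
    # Re-serialise the parsed fields as a BSD syslog line for the destination.
    # om_udp sends from an ephemeral source port, so listening on 514 with
    # im_udp on the same host does not conflict with this.
    Exec    to_syslog_bsd();
</Output>

<Route syslog_forward>
    Path    _sys_in => _sys_norepeat => _sys_out
</Route>
```

Two checks worth doing after the change: run `nxlog -v` to verify the configuration parses, and temporarily comment out the `$MessageSourceAddress` line while watching `tcpdump -ni any udp port 514` on the intermediate host. If the source address in the packets does not equal the literal in that `if`, it is that line, not the regexes, that silently drops every event.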