Sending Syslogs to 2 syslog collectors
Hello,
I'm trying to send Windows events to two different syslog servers.
I have two output modules and one route. I see syslog packets getting sent to both collectors, but the packets are not coming in the correct format.
The configuration looks like:
LogLevel INFO
Logfile %LOGDIR%/nxlog.log

<Extension agent_managment>
    Module xm_soapadmin
    Connect 10.x.x.n
    Port 4041
    SocketType SSL
    CAFile %CERTDIR%/agent-ca.pem
    AllowUntrusted FALSE
    RequireCert TRUE
    <ACL conf>
        Directory %CONFDIR%
        AllowRead TRUE
        AllowWrite TRUE
    </ACL>
    <ACL cert>
        Directory %CERTDIR%
        AllowRead TRUE
        AllowWrite TRUE
    </ACL>
</Extension>

<Extension Extension_json>
    Module xm_json
</Extension>

<Input eventlog>
    Module im_msvistalog
    SavePos TRUE
    ReadFromLast TRUE
    Exec if ($EventID == 5156) drop();
</Input>

<Input internal_mod>
    Module im_internal
</Input>

<Output out>
    Module om_tcp
    Host 10.x.x.a
    Port 514
    OutputType LineBased
    <Exec>
        $Hostname = string(host_ip());
        to_syslog_ietf();
        parse_syslog();
        $Message = '@cee: ' + to_json();
        to_syslog_bsd();
    </Exec>
</Output>

<Output outlcp>
    Module om_udp
    Host 10.x.x.b
    Port 514
    OutputType Dgram
    Exec $Hostname = string(host_ip());
    Exec to_syslog_snare();
</Output>

<Route Syslog_lcp>
    Priority 1
    Path eventlog, internal_mod => outlcp, out
</Route>
Hello Sir,
I see you are using different output format config on the output modules:
to_syslog_ietf(); parse_syslog();
$Message = '@cee: ' + to_json(); to_syslog_bsd();
and
Exec to_syslog_snare();
May I suggest checking the format needed and converting accordingly?
Sincerely, Klevin
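To check which format each collector actually receives, a captured line can be classified by its header shape. The following is an added example, not part of the thread or of NXLog: the sample lines are constructed, and the Snare layout (BSD header, then tab-separated fields starting with `MSWinEventLog`) is an assumption about what the collector sees.

```python
import json
import re

# Header shapes of the formats named in the thread (IETF, BSD, Snare).
IETF_RE = re.compile(r"^<(\d{1,3})>1 \S+ (\S+) ")
BSD_RE = re.compile(
    r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) (.*)$", re.S)

# Constructed sample lines, one per format (not real captures).
SAMPLES = {
    "snare": "<13>Nov 21 11:40:27 192.0.2.10 MSWinEventLog\t0\tSecurity\t32\tlogon",
    "cee": '<14>Nov 21 11:40:27 192.0.2.10 Security[4]: @cee: {"EventID":4624}',
    "ietf": "<14>1 2010-11-21T11:40:27+00:00 192.0.2.10 Security 4 - - logon",
}

def header_info(fmt, pri, host):
    """Split the PRI value into facility and severity."""
    pri = int(pri)
    return {"format": fmt, "facility": pri >> 3, "severity": pri & 7, "host": host}

def classify(line):
    """Classify one received syslog line by its on-the-wire shape."""
    m = IETF_RE.match(line)
    if m:
        return header_info("ietf", m.group(1), m.group(2))
    m = BSD_RE.match(line)
    if not m:
        return {"format": "unknown"}
    pri, host, rest = m.groups()
    if rest.startswith("MSWinEventLog\t"):  # assumed Snare marker
        info = header_info("snare", pri, host)
        info["fields"] = len(rest.split("\t"))
        return info
    pos = rest.find("@cee: ")
    if pos == -1:
        return header_info("bsd", pri, host)
    info = header_info("bsd+cee", pri, host)
    try:  # the text after the cookie must be a JSON object
        payload = json.loads(rest[pos + len("@cee: "):])
        info["json_keys"] = sorted(payload) if isinstance(payload, dict) else None
    except ValueError:
        info["json_keys"] = None
    if info["json_keys"] is None:
        info["format"] = "bsd+cee-invalid-json"
    return info

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, classify(line))
```
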