Change Syslog Facility when reading/forwarding windows events.
Tags:
#1
sswager
Just installed nxlog to begin forwarding events to AlienVault, everything seems to be working so far with reading and forwarding events from the windows log using the im_msvistalog module. One thing we would like to change to set the Syslog Facility before forwarding it AlienVault. Have been unable to locate how to do so.
#1
sswager
Just installed nxlog to begin forwarding events to AlienVault, everything seems to be working so far with reading and forwarding events from the windows log using the im_msvistalog module. One thing we would like to change to set the Syslog Facility before forwarding it AlienVault. Have been unable to locate how to do so.
Exec $SyslogFacilityValue = 1; to_syslog_bsd();
or
Exec $SyslogFacility = 'DAEMON'; to_syslog_bsd();
These are equivalent.
