Transparent NXLog Relay for syslog B

fbrollo

Hi everyone,

Here is a brief overview of what I'm trying to do:

            +----------+ tcp1514 +-----+  tcp514 +---------+
            |Originator|---->----|Relay|---->----|Collector|
            +----------+         +-----+  syslog +---------+
           192.168.56.10      192.168.56.18     192.168.56.14

Here is the message I get in RSA:

ReceivedTimeStamp RelayHostname [LogMessage]

I would like to have this:

ReceivedTimeStamp OriginatorHostname [LogMessage]

I think I'm supposed to throw in an Exec: $Hostname=hostname(); somewhere, but where exactly?

Here is what my conf files look like:

Originator:

<Input in>
    Module    im_file
    Recursive    TRUE
    File    'C:\\IIS\\*.log'
</Input>

<Output out>
    Module  om_tcp
    Host    192.168.56.18
    Port    1514
</Output>

<Route 1>
    Path    in => out
</Route>

Relay:

<Extension syslog>
    Module    xm_syslog
</Extension>

<Input in>
    Module im_tcp
    Port 1514
    Host 0.0.0.0
</Input>

<Output out>
    Module  om_tcp
    Host    192.168.56.14
    Port    514
    Exec    to_syslog_bsd();
</Output>
    
<Route 1>
    Path    in => out
</Route>

Thanks for your help.
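
One way to keep the originator's hostname in this topology, as an added example that is not part of the original post: build the BSD syslog header on the originator and let the relay forward `$raw_event` unchanged. The two sections are separate nxlog.conf files using the addresses and ports from the post; it assumes the collector takes the hostname from the syslog header rather than from the TCP peer address.

```conf
##### nxlog.conf on the Originator (192.168.56.10) #####
<Extension syslog>
    Module    xm_syslog
</Extension>

<Input in>
    Module    im_file
    Recursive TRUE
    File      'C:\\IIS\\*.log'
</Input>

<Output out>
    Module    om_tcp
    Host      192.168.56.18
    Port      1514
    # The syslog header is written here, on the host that read the log,
    # so the hostname stamped into $raw_event is the originator's.
    Exec      to_syslog_bsd();
</Output>

<Route 1>
    Path      in => out
</Route>

##### nxlog.conf on the Relay (192.168.56.18) #####
<Input in>
    Module    im_tcp
    Host      0.0.0.0
    Port      1514
</Input>

<Output out>
    Module    om_tcp
    Host      192.168.56.14
    Port      514
    # No to_syslog_bsd() on the relay: calling it here would rebuild the
    # header with the relay's hostname. $raw_event already holds the
    # originator's syslog line and is forwarded as received.
</Output>

<Route 1>
    Path      in => out
</Route>
```

With this layout the relay never rewrites the event, so source attribution in the collector depends only on what the originator sends; restrict who can reach port 1514 on the relay accordingly.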