Transparent NXLog Relay for syslog B
fbrollo
Hi everyone,
Here is a brief overview of what I'm trying to do:
+----------+ tcp1514 +-----+ tcp514  +---------+
|Originator|---->----|Relay|---->----|Collector|
+----------+         +-----+ syslog  +---------+
192.168.56.10     192.168.56.18     192.168.56.14
Here is the message I get in RSA:
ReceivedTimeStamp RelayHostname [LogMessage]
I would like to have this
ReceivedTimeStamp OriginatorHostname [LogMessage]
I think I'm supposed to throw in an Exec: $Hostname=hostname(); somewhere, but where exactly?
Here is what my conf files look like:
Originator:
<Input in>
    Module im_file
    Recursive TRUE
    File 'C:\\IIS\\*.log'
</Input>
<Output out>
    Module om_tcp
    Host 192.168.56.18
    Port 1514
</Output>
<Route 1>
    Path in => out
</Route>
Relay:
<Extension syslog>
    Module xm_syslog
</Extension>
<Input in>
    Module im_tcp
    Port 1514
    Host 0.0.0.0
</Input>
<Output out>
    Module om_tcp
    Host 192.168.56.14
    Port 514
    Exec to_syslog_bsd();
</Output>
<Route 1>
    Path in => out
</Route>
Thanks for your help.
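One way to get the originator's name into the relayed syslog header, as an added example that is not part of the original post: it assumes both ends run NXLog, sets $Hostname with hostname() on the originator, and uses NXLog's Binary transfer format so that field survives the hop to the relay.

```conf
# Added example, not from the original post. Two separate nxlog.conf files.

########## Originator (192.168.56.10) ##########
<Input in>
    Module      im_file
    Recursive   TRUE
    File        'C:\\IIS\\*.log'
    # Record this machine's name in the event before it leaves the host.
    Exec        $Hostname = hostname();
</Input>

<Output out>
    Module      om_tcp
    Host        192.168.56.18
    Port        1514
    # Binary carries all event fields ($Hostname included), not only $raw_event.
    OutputType  Binary
</Output>

<Route 1>
    Path        in => out
</Route>

########## Relay (192.168.56.18) ##########
<Extension syslog>
    Module      xm_syslog
</Extension>

<Input in>
    Module      im_tcp
    Host        0.0.0.0
    Port        1514
    # Must match the originator's OutputType so the fields are restored.
    InputType   Binary
</Input>

<Output out>
    Module      om_tcp
    Host        192.168.56.14
    Port        514
    # $Hostname arrived with the event, so the BSD header names the originator.
    Exec        to_syslog_bsd();
</Output>

<Route 1>
    Path        in => out
</Route>
```

With this layout the relay trusts whatever $Hostname the sender supplies, so port 1514 should be reachable only from known originators.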