Hi,
in my design, I use NXlog Community Edition servers as proxy collectors in network security zones; all production servers forward their logs to their closest NXlog proxy collector node, which in turn forwards to a SIEM server Output target.
My question is: On such a collector node, can I parse the incoming data and, if coming from a certain production server Input module instance, e.g. <Input myInput1>, forward only this data to a secondary Output target?
The challenge lies in the fact that currently I've only got one collector node per security zone. The individual production server can only forward to the collector in the same zone, otherwise I would have created a separate Output instance and a Route for the particular Input instance to the secondary server.
Comments (2)
That does not appear to me to be the answer - or maybe I don't get it. To recap my design and intention:
Now to the NXlog proxy aka zone collector. How do I extract that particular Sourcename and route it out separately?
A pointer in the right direction will be greatly appreciated :)
Just wondering, I am trying to accomplish the same task, so did you ever find a solution to this?