Change Syslog Facility when reading/forwarding windows events.

Post a different question
1
answer

Just installed nxlog to begin forwarding events to AlienVault, everything seems to be working so far with reading and forwarding events from the windows log using the im_msvistalog module.  One thing we would like to change to set the Syslog Facility before forwarding it AlienVault.  Have been unable to locate how to do so.

AskedJanuary 21, 2015 - 4:05pm

Answer (1)

Exec $SyslogFacilityValue = 1; to_syslog_bsd();

or

Exec $SyslogFacility = 'DAEMON'; to_syslog_bsd();

These are equivalent.

AnsweredJanuary 21, 2015 - 9:42pm