
Hi,

I am new to NXLog and I am setting up relay log servers in IP ranges to collect and forward log events from hosts (different OS) with dynamically assigned IP addresses.

While doing so, I figured out that the forwarded log events are missing important details about the originating systems, and I would like to enrich the log events while receiving (accepting) them with the following details:

- hostname as SOURCE_HOSTNAME
- ipv4 address as SOURCE_HOSTIP

What is the best practice to do so?

Rgds,
Thorsten

Asked November 1, 2020 - 9:41am

Answer (1)

Hey Thorsten,

You might want to add some additional fields to your log entry; the code will be something like this:

<Exec>
$SOURCE_HOSTNAME = hostname();
$SOURCE_HOSTIP = host_ip();
</Exec>

Give it a try. More info here: https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#core_funcs
Best regards, Arch
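
An added example, not part of the original answer or of NXLog's own documentation: `hostname()` and `host_ip()` describe the machine NXLog is running on, so the sketch below sets the two fields on the originating host and has the relay record the connection's peer address from `$MessageSourceAddress`, the field `im_tcp` sets on received events. The host name `relay.example.com`, port 1514, the file path and the field name `$RELAY_SEEN_IP` are assumptions.

```conf
# Added example. relay.example.com, port 1514, the file path and
# $RELAY_SEEN_IP are placeholders, not values from the thread.

##### File 1: nxlog.conf on each originating host #####
<Extension json>
    Module  xm_json
</Extension>

<Input local_logs>
    Module  im_file
    File    "/var/log/messages"
    <Exec>
        # Evaluated on the originating host, so these describe that host.
        $SOURCE_HOSTNAME = hostname();
        $SOURCE_HOSTIP   = host_ip();
        # Serialize all fields so they survive the hop to the relay.
        to_json();
    </Exec>
</Input>

<Output to_relay>
    Module  om_tcp
    Host    relay.example.com
    Port    1514
</Output>

<Route to_relay_route>
    Path    local_logs => to_relay
</Route>

##### File 2: nxlog.conf on the relay (input side only) #####
<Extension json>
    Module  xm_json
</Extension>

<Input from_hosts>
    Module  im_tcp
    Host    0.0.0.0
    Port    1514
    <Exec>
        parse_json();
        # Peer address observed by the relay's own socket.
        $RELAY_SEEN_IP = $MessageSourceAddress;
        # Senders that did not set the field still get an address.
        if not defined $SOURCE_HOSTIP $SOURCE_HOSTIP = $MessageSourceAddress;
    </Exec>
</Input>
```

Comparing `$SOURCE_HOSTIP` with `$RELAY_SEEN_IP` on the relay shows when the address a sender reports differs from the one the connection came from, for example behind NAT.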

Comments (2)