Adding SOURCE_HOSTIP and SOURCE_HOSTNAME to Logevents
Tags:
#1
TK_238869
Hi,
I am new to NXLog and I am setting up relay log servers in IP ranges to collect and forward log events from hosts (different OS) with dynamically assigend IP addresses.
While doing so, I figured out that the forwarded log events missing important details about the orginating systems and I like to enrich the log events while receiving (accepting ) them with the following details:
- hostname as SOURCE_HOSTNAME
- ipv4 address as SOURCE_HOSTIP
How is the best practice to do so?
Rgds, Thorsten
#1
TK_238869
Hi,
I am new to NXLog and I am setting up relay log servers in IP ranges to collect and forward log events from hosts (different OS) with dynamically assigend IP addresses.
While doing so, I figured out that the forwarded log events missing important details about the orginating systems and I like to enrich the log events while receiving (accepting ) them with the following details:
hostname as SOURCE_HOSTNAME
ipv4 address as SOURCE_HOSTIP
How is the best practice to do so?
Rgds,
Thorsten
Hey Thorsten,
You might want to add some additional fields to your log entry, code will be something like this:
<Exec>
$SOURCE_HOSTNAME = hostname();
$SOURCE_HOSTIP = host_ip();
</Exec>
Give it a try. More info here: https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#core_funcs
Best regards, Arch
