At the moment, I need a solution to a particular problem. I need to use a syslog relay agent to receive syslog data at the NXLog host, and relay it to another collector. This is to reduce the number of firewall rules needed to get syslogs from more secure areas of the network out to our SIEM. I would especially like to be able to have the source of the syslog be the same as the *original* source host - i.e. I don't want all 5 hosts for which I am relaying syslog data, to appear in the SIEM as if the source is the NXLog relay host.
I am just beginning to look into this so any assistance is appreciated.