Forwarding logs to syslog. | Log collection solutions

#1 pothesis 2 years ago

Hi all.

I'm having some windows server that are subscribed to a nxlog server, who in turn sends the windows logs to a linux/syslog server.

The syslog receives all these logs as NOTICE.USER which is not too practical.

I would want the nxlog to keep the criticity of the message when forwarding them. I would want nxlog to prefix the logs with the original log sender hostname so that they appear as $PROGRAM in syslog.

Also, is there a way to use some criterions to send logs from nxlog to syslog using different facilities (USER, MAIL, LOCALn,...) according to some criterions (real PROGRAM value for instance)

Permalink

#2 NenadMDeactivated Nxlog ✓ 2 years ago

#1 pothesis

Hi all. I'm having some windows server that are subscribed to a nxlog server, who in turn sends the windows logs to a linux/syslog server. The syslog receives all these logs as NOTICE.USER which is not too practical. I would want the nxlog to keep the criticity of the message when forwarding them. I would want nxlog to prefix the logs with the original log sender hostname so that they appear as $PROGRAM in syslog. Also, is there a way to use some criterions to send logs from nxlog to syslog using different facilities (USER, MAIL, LOCALn,...) according to some criterions (real PROGRAM value for instance)

Can you share your nxlog.conf file and a syslog log sample here? What module do you use to collect the Windows logs a which function to convert to syslog format (to_syslog_ietf() or to_syslog_bsd()).

Best regards,

Nenad