[rsyslog] forwarding for a specific host (secondary destination based on sender)

Don M Subscriptions donmrdch.subscriptions at gmail.com
Wed Sep 20 17:45:21 CEST 2017


We have a firewall and some other sources sending data to our syslog 
server and we would like to forward the original message from one of the 
input sources to a supplemental log collector. In other words, I would 
like to take logs from and send it to two destinations.

Googling this tends to get articles on basic setup.

I'd imagine that I need a "fron host" type of a test in an if statement, 
and send it within a set of curly braces?

Thanks in advance for help.


     Don Murdoch, Director, Security Services @ SLAIT
     Book site: www.blueteamhandbook.com

More information about the rsyslog mailing list