[rsyslog] forwarding for a specific host (secondary destination based on sender)
Don M Subscriptions
donmrdch.subscriptions at gmail.com
Wed Sep 20 17:45:21 CEST 2017
We have a firewall and some other sources sending data to our syslog
server and we would like to forward the original message from one of the
input sources to a supplemental log collector. In other words, I would
like to take logs from 192.168.1.1 and send it to two destinations.
Googling this tends to get articles on basic setup.
I'd imagine that I need a "from host" type of a test in an if statement,
and send it within a set of curly braces?
Thanks in advance for help.
Don Murdoch, Director, Security Services @ SLAIT
Book site: www.blueteamhandbook.com
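
An added example, not part of the original post: one way to express the "from host" test in rsyslog's RainerScript so that only messages received from 192.168.1.1 are also sent to a second collector. The collector address 192.0.2.50, UDP port 514, and the template name RawFwd are assumptions for illustration.

```conf
# Added example (not from the original post).
# Assumed values: collector 192.0.2.50, UDP/514, template name "RawFwd".

# Forward the message exactly as it was received, without rsyslog
# rewriting the header (rawmsg is the unparsed message as it arrived).
template(name="RawFwd" type="string" string="%rawmsg%")

# $fromhost-ip is the address of the system rsyslog received the
# message from (the last hop), so if the firewall logs arrive through
# a relay, this matches the relay, not the firewall itself.
if $fromhost-ip == '192.168.1.1' then {
    action(
        type="omfwd"
        target="192.0.2.50"   # assumed supplemental log collector
        port="514"
        protocol="udp"
        template="RawFwd"
    )
    # No "stop" here: the message continues to the rules that follow,
    # so the existing local logging for this host is unchanged.
}
```

Place the block before the existing rules that write or forward this host's logs, so that an earlier `stop` or discard cannot prevent the copy from being sent.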