[rsyslog] forwarding for a specific host (secondary destination based on sender)

Don M Subscriptions donmrdch.subscriptions at gmail.com
Wed Sep 20 17:45:21 CEST 2017


Greetings.

We have a firewall and some other sources sending data to our syslog 
server and we would like to forward the original message from one of the 
input sources to a supplemental log collector. In other words, I would 
like to take logs from 192.168.1.1 and send them to two destinations.

Googling this tends to get articles on basic setup.

I'd imagine that I need a "from host" type of a test in an if statement, 
and send it within a set of curly braces?

Thanks in advance for help.

-- 
-----

     Don Murdoch, Director, Security Services @ SLAIT
     Book site: www.blueteamhandbook.com
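
One way to write the filter the message asks about, as an added example that is not part of the original post or of the rsyslog project's documentation. It is in RainerScript, rsyslog's own configuration language. The collector address 192.0.2.50, port 514 over TCP, the template name and the drop-in file name are assumptions.

```conf
# /etc/rsyslog.d/20-forward-fw.conf  (file name is an assumption)
# Place this before the rules that write local files, so that it is
# evaluated even if a later rule ends processing with "stop".

# Forward the message exactly as the sender put it on the wire,
# without rsyslog rewriting the header.
template(name="RawForward" type="string" string="%rawmsg%")

# $fromhost-ip is the address of the system rsyslog received the
# message from, so the match is on the sender, not on the hostname
# field inside the message (which the sender controls).
if $fromhost-ip == '192.168.1.1' then {
    action(type="omfwd"
           target="192.0.2.50"          # supplemental collector (assumed)
           port="514"
           protocol="tcp"
           template="RawForward"
           # A dedicated in-memory queue for this action keeps an
           # unreachable collector from stalling the primary logging.
           queue.type="LinkedList"
           queue.size="10000"
           # Retry indefinitely instead of suspending the action.
           action.resumeRetryCount="-1")
}

# There is no "stop" inside the block, so the message continues to the
# rules below and is still written to the existing destination.
```

If 192.168.1.1 reaches this server through a relay, `$fromhost-ip` holds the relay's address, and the test has to match on that address or on a field inside the message instead. `rsyslogd -N1` checks the configuration syntax before the service is restarted.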


