[rsyslog-notify] Forum Thread: Rsyslog to Forward Logs As IS - (Mode 'post')
noreply at adiscon.com
Mon May 18 20:27:42 CEST 2015
User: snorman1483
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25621#p25621
Message:
----------
I would like to know if version 8.9 has the ability to receive remote
logs, process them and then forward the logs as is to a different location.
It seems that in the config that I am using, when forwarding the logs it places
another syslog stamp on the forward of the log.
I am using Rsyslog to receive firewall logs which already have a syslog
stamp and then forward them to multiple locations, but the remote locations
are having issues processing the proper timestamp from the origin hostname.
if $rawmsg contains_i "Hostname" then {
    action(
        type="omfwd"
        target="IP"
        port="514"
        Protocol="TCP"
        Template="RSYSLOG_SyslogProtocol23Format"
        queue.spoolDirectory="/var/log/rsyslog"
        queue.maxdiskspace="10g"
        action.resumeRetryCount="-1"
        queue.filename="spooledlogs"
        queue.type="LinkedList"
        queue.saveonshutdown="on"
        queue.maxfilesize="64m"
    )
    stop
}
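
The extra stamp described in the post above comes from the forwarding template: RSYSLOG_SyslogProtocol23Format builds a new header from the parsed message properties. As an added example that is not part of the original post, the same action with a template that emits %rawmsg% forwards each message exactly as it was received, which keeps the firewall's own timestamp and hostname intact for downstream correlation. The template name ForwardRaw is an assumption, and target "IP" is the post's placeholder.

```rsyslog
# Added example, not the poster's configuration.
# %rawmsg% is the message exactly as it arrived from the firewall, including
# its original <PRI>, timestamp and hostname, so no new header is generated.
# "ForwardRaw" is a hypothetical template name chosen for this example.
template(name="ForwardRaw" type="string" string="%rawmsg%\n")

if $rawmsg contains_i "Hostname" then {
    action(
        type="omfwd"
        target="IP"                    # placeholder, as in the post
        port="514"
        protocol="tcp"
        template="ForwardRaw"          # was RSYSLOG_SyslogProtocol23Format
        queue.spoolDirectory="/var/log/rsyslog"
        queue.maxdiskspace="10g"
        action.resumeRetryCount="-1"
        queue.filename="spooledlogs"   # must be unique for each queue
        queue.type="LinkedList"
        queue.saveonshutdown="on"
        queue.maxfilesize="64m"
    )
    stop
}
```

When forwarding to several destinations, each action needs its own queue.filename. The receivers will see the relay's address as the network source, so they have to take the origin host from the message header itself.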