[rsyslog-notify] Forum Thread: Re: Rsyslog to Forward Logs As IS - (Mode 'reply')

noreply at adiscon.com
Mon May 18 21:47:05 CEST 2015


User: snorman1483 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25623#p25623

Message: 
----------
Here is how the logs hit my remote server after rsyslog:

The section in bold is what Rsyslog is placing in front. The italic part is
the message before Rsyslog. Also, Rsyslog, when forwarding, is dropping the
<14> from the origin message. 

[b]05 18 2015 18:59:44 "Rsyslog Hostname" <USER:INFO>
[/b][u]1 2015-05-18T11:59:43.514-07:00 "Origin Hostname"
RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="2.2.2.2"
destination-port="00000" service-name="******" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="2.2.2.2"
nat-destination-port="00000" src-nat-rule-name="******"
dst-nat-rule-name="******" protocol-id="*" policy-name="******"
source-zone-name="******" destination-zone-name="******"
session-id-32="00000" username="******" roles="N/A"
packet-incoming-interface="******" application="******"
nested-application="******" encrypted="******"]  [/u]

Debug logs. 

Debug line with all properties:
FROMHOST: '10.10.10.10', fromhost-ip: '10.10.10.10', HOSTNAME: 'Hostname',
PRI: 14,
syslogtag 'RT_FLOW', programname: 'RT_FLOW', APP-NAME: 'RT_FLOW', PROCID:
'-', MSGID: 'RT_FLOW_SESSION_CREATE',
TIMESTAMP: 'May 18 12:15:28', STRUCTURED-DATA: '[junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="1.1.1.1"
destination-port="00000" service-name="*****" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="1.1.1.1"
nat-destination-port="00000" src-nat-rule-name="*****"
dst-nat-rule-name="*****" protocol-id="*" policy-name="******"
source-zone-name="******" destination-zone-name="********"
session-id-32="*******" username="******" roles="******"
packet-incoming-interface="********" application="******"
nested-application="******" encrypted="********"]',
msg: ''
escaped msg: ''
inputname: imtcp rawmsg: '<14>1 2015-05-18T12:15:28.839-07:00 Hostname
RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="1.1.1.1"
destination-port="000000" service-name="******"
nat-source-address="1.1.1.1" nat-source-port="00000"
nat-destination-address="1.1.1.1" nat-destination-port="00000"
src-nat-rule-name="*****" dst-nat-rule-name="*******" protocol-id="*"
policy-name="*******" source-zone-name="*******"
destination-zone-name="*******" session-id-32="*******" username="*******"
roles="*******" packet-incoming-interface="*******" application="*******"
nested-application="**************" encrypted="*******"]'
$!:
$.:
$/:

Debug line with all properties:
FROMHOST: '10.10.10.10', fromhost-ip: '10.10.10.10', HOSTNAME: 'hostname',
PRI: 14,
syslogtag 'RT_FLOW', programname: 'RT_FLOW', APP-NAME: 'RT_FLOW', PROCID:
'-', MSGID: 'RT_FLOW_SESSION_CREATE',
TIMESTAMP: 'May 18 12:15:28', STRUCTURED-DATA: '[junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="1.1.1.1"
destination-port="00000" service-name="*****" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="1.1.1.1"
nat-destination-port="00000" src-nat-rule-name="*****"
dst-nat-rule-name="*****" protocol-id="8" policy-name="*****"
source-zone-name="*****" destination-zone-name="wab-pii-ext"
session-id-32="140858672" username="*****" roles="*****"
packet-incoming-interface="*****" application="*****"
nested-application="*****" encrypted="*****"]',
msg: ''
escaped msg: ''
inputname: imtcp rawmsg: '<14>1 2015-05-18T12:15:28.839-07:00 hostname
RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="1.1.1.1"
destination-port="00000" service-name="*****" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="1.1.1.1"
nat-destination-port="00000" src-nat-rule-name="*****"
dst-nat-rule-name="*****" protocol-id="6" policy-name="*****"
source-zone-name="*****" destination-zone-name="*****"
session-id-32="140858672" username="*****" roles="*****"
packet-incoming-interface="*****" application="*****"
nested-application="*****" encrypted="*****"]'
$!:
$.:
$/:

Debug line with all properties:
FROMHOST: '10.10.10.10', fromhost-ip: '10.10.10.10', HOSTNAME: 'hostname',
PRI: 14,
syslogtag 'RT_FLOW', programname: 'RT_FLOW', APP-NAME: 'RT_FLOW', PROCID:
'-', MSGID: 'RT_FLOW_SESSION_CREATE',
TIMESTAMP: 'May 18 12:15:28', STRUCTURED-DATA: '[junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="2.2.2.2"
destination-port="00000" service-name="*****" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="2.2.2.2"
nat-destination-port="00000" src-nat-rule-name="*****"
dst-nat-rule-name="*****" protocol-id="*" policy-name="*****"
source-zone-name="*****" destination-zone-name="*****"
session-id-32="00000" username="*****" roles="*****"
packet-incoming-interface="*****" application="*****"
nested-application="*****" encrypted="*****"]',
msg: ''
escaped msg: ''
inputname: imtcp rawmsg: '<14>1 2015-05-18T12:15:28.839-07:00 hostname
RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.35
source-address="1.1.1.1" source-port="00000" destination-address="2.2.2.2"
destination-port="00000" service-name="*****" nat-source-address="1.1.1.1"
nat-source-port="00000" nat-destination-address="2.2.2.2"
nat-destination-port="00000" src-nat-rule-name="*****"
dst-nat-rule-name="*****" protocol-id="*" policy-name="*****"
source-zone-name="*****" destination-zone-name="*****"
session-id-32="00000" username="*****" roles="*****"
packet-incoming-interface="*****" application="*****"
nested-application="*****" encrypted="*****"]'
$!:
$.:
$/:
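The debug lines above show rsyslog splitting the incoming RFC 5424 message into properties (PRI, HOSTNAME, APP-NAME, MSGID, STRUCTURED-DATA) with an empty msg, and a string template then rebuilds the forwarded line from those properties. As an added example that is not part of the original post or of rsyslog's own documentation, the following configuration forwards each received line byte-for-byte via the rawmsg property; the collector host name and port are placeholders.

```rsyslog
# Added example, not from the original post. Receive syslog over TCP
# (the post's input is imtcp) and forward every line unchanged.
module(load="imtcp")
input(type="imtcp" port="514")

# rawmsg is the message exactly as it arrived on the socket: the leading
# <PRI>, the version digit "1", the original RFC 3339 timestamp and the
# [junos@2636...] structured-data element are all kept. The default omfwd
# template (RSYSLOG_ForwardFormat) instead rebuilds the line from
# %PRI%, %TIMESTAMP%, %HOSTNAME%, %syslogtag% and %msg%; because the Junos
# message carries only structured data, %msg% is empty (see msg: '' in the
# debug output) and the SD element is not carried over by that template.
template(name="ForwardAsIs" type="string" string="%rawmsg%\n")

# Placeholder collector address. The trailing "\n" in the template is the
# record separator for the TCP stream.
action(type="omfwd" target="collector.example.net" port="514" protocol="tcp"
       template="ForwardAsIs")

# Alternative if a re-serialized but still RFC 5424-shaped line is wanted:
# the built-in RSYSLOG_SyslogProtocol23Format template emits
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG,
# which keeps the structured data but normalizes timestamp and hostname.
# action(type="omfwd" target="collector.example.net" port="514" protocol="tcp"
#        template="RSYSLOG_SyslogProtocol23Format")
```

Forwarding rawmsg preserves the original PRI and timestamp for correlation on the collector, but it also passes through whatever the sender put on the wire unmodified, so parsing and validation then happen entirely on the receiving side.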

