[rsyslog-notify] Forum Thread: Re: Rsyslog to Forward Logs As IS - (Mode 'reply')
noreply at adiscon.com
Tue May 19 15:04:36 CEST 2015
User: snorman1483
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25629#p25629
Message:
----------
The system that is receiving the logs is a SIEM tool. The SIEM tool is
using the first syslog stamp, which is misleading, since the second syslog
stamp is the one from the origin host.
The SIEM tool is able to process the RFC5424 format; I had to use this
format because I am receiving the logs from an SRX 3400 and the other formats
were dropping 80 percent of the origin message. I would only receive up to the
RT_Flow from the firewall log.
This is all the SIEM Tool would receive.
1 2015-05-18T12:15:28.839-07:00 hostname RT_FLOW
I try the template string to see if that will forward the log as is.