[rsyslog-notify] Forum Thread: Re: Rsyslog to Forward Logs As IS - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue May 19 18:21:40 CEST 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25630#p25630
Message:
----------
a good debugging technique is to write a local file using the same template
that you would be using to send the log remotely. That way you can see
exactly what would be sent over the wire.
I suspect that in this case the SIEM tool isn't doing what it claims to be
doing (it would be far from the first such case I've run into)
so just add
/var/log/testlogs;RSYSLOG_SyslogProtocol23Format
and see what shows up there.
More information about the rsyslog-notify
mailing list