[rsyslog-notify] Forum Thread: Inserting information into Log received from remote host - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Tue Nov 3 19:19:42 CET 2015
User: snorman1483
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26095#p26095
Message:
----------
I wanted to know if it is possible to have rsyslog insert a custom hostname
or ip address into a log or raw log from a remote host that streaming it's
logs to the rsyslog server.
I have a device X that is forwarding logs to a rsyslog server and then
rsyslog server forwards to a siem tool. The SIEM Tool is removing the
information from the rsyslog server forwarding logs. But the origin log
does not contain an Ip address or hostname. Can I uses a custom template
possible to insert a custom hostname or ip address into the before it is
forwarded to the SIEM - so that the SIEM tool can identify the remote host
better?
More information about the rsyslog-notify
mailing list