[syslog-ng] Outbound Facility Rewrite?

Fekete Róbert frobert at balabit.hu
Wed May 29 21:36:44 CEST 2013


Hi, 

currently it is not possible to rewrite the facility of a log message within syslog-ng. 
A possible workaround might be to use the IETF5424 message format (the syslog driver in syslog-ng), and add a metadata field that describes the type of the message, and then you can use that to filter the specific messages on the receiving side.

Robert
 
On Wednesday, May 29, 2013 20:30 CEST, Randy Baca <randy at rbaca.com> wrote: 
 
> Hey folks.  I have looked through everywhere I can find but cannot figure out how to rewrite the outbound syslog message to a remote host so that all messages come across on the same facility.  The reason I need this is to automate sorting and parsing by type of device (all Linux on one facility, all IPS on another facility, Cisco firewalls on another, etc.).  Is there a way to do this with syslog-ng?
> 
> Regards,
> 
> Randy B
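
The workaround described in the reply above, sketched as syslog-ng configuration for both ends. This is an added example, not part of the original message; the SD-ID `devinfo@32473`, the field name `class`, the address, port and file paths are assumptions.

```conf
# --- Sender side (e.g. on each Linux host) ---
source s_local { system(); internal(); };

# Attach a device-class field as RFC 5424 structured data.
# "devinfo@32473" and "class" are assumed names (32473 is the
# enterprise number reserved for documentation examples).
rewrite r_tag_linux {
    set("linux" value(".SDATA.devinfo@32473.class"));
};

# The syslog() driver sends IETF (RFC 5424) format, which carries SDATA.
destination d_central {
    syslog("192.0.2.10" transport("tcp") port(601));
};

log { source(s_local); rewrite(r_tag_linux); destination(d_central); };

# --- Receiver side (central log host) ---
source s_net {
    syslog(ip(0.0.0.0) transport("tcp") port(601));
};

# Sort on the metadata field instead of the facility.
filter f_linux {
    match("linux" value(".SDATA.devinfo@32473.class") type(string));
};
filter f_ips {
    match("ips" value(".SDATA.devinfo@32473.class") type(string));
};

destination d_linux { file("/var/log/remote/linux.log"); };
destination d_ips   { file("/var/log/remote/ips.log"); };
destination d_other { file("/var/log/remote/untagged.log"); };

log { source(s_net); filter(f_linux); destination(d_linux); flags(final); };
log { source(s_net); filter(f_ips);   destination(d_ips);   flags(final); };
# Anything without a recognised tag lands here for review.
log { source(s_net); destination(d_other); };
```

The field is set by the sending host, so the receiver's sorting is only as reliable as the senders allowed to connect.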