Hi All,

 

I am using 2 syslog servers on version 3.31. The devices are sending syslog message to 1^st syslog server. The 1^st syslog server is forwarding the same message to 2^nd syslog server.

 

Device à Syslog Server 1 à Syslog Server 2

 

The configurations of 1^st syslog server -

Options -

keep-hostname(yes);

use-dns(yes);

use-fqdn(yes);

 

Destination -

destination d_sec { udp("IP_of_second_syslog" port(514) template("${ISODATE}  ${HOST}  ${PRIORITY}  ${MSG}\n") template-escape(no)); };

 

The configuration of 2^nd syslog server –

 

destination d_syslogFile { file("/var/log/syslog.log" template("${R_ISODATE}  ${HOST}  ${PRIORITY}  ${FACILITY}  ${PROGRAM}  ${MSG}\n") template-escape(no)); };

 

Problem –

 

When the syslog message is getting logged at 2^nd Syslog server, the ${PRIORITY} of the message is always “notice”. And the original severity/priotity of the message is getting captured in the ${PROGRAM} macro.

How to capture the priority of the forwarded message on 2^nd Syslog server in the ${PRIORITY} macro instead of ${PROGRAM} macro?

 

Regards,

Shivani Maurya