[syslog-ng] Forward to eIQ?

[Kevin]

Is anybody using syslog-ng to forward events to EIQ's "Syslog Service"?

I'm using Secure Computing's new "Security Reporter" (aka "G2SR"), a
relabeled EIQ product, to process logs from multiple Sidewinder G2
firewalls.

When forwarding events from syslog-ng to EIQ, their proprietary
Windows syslog daemon takes the source IP address of the syslog-ng box
and puts it into the resulting logfiles as the source of the event.

I'm wondering if there's a template() I can use to insert the original
hostname/IP such that EIQ will respect the forwarded hostname, or if I
must use source IP spoofing when forwarding to EIQ?


Thanks,

Kevin