[syslog-ng] Outbound Facility Rewrite?

Randy Baca randy at rbaca.com
Wed May 29 21:42:39 CEST 2013


Robert:
I am not sure using metadata is possible because the log receiver is third-party and looks at the <PRI> number for the facility and level. Do you know if facility-rewrite is on the roadmap any time soon?

Thanks for the quick response!
 
Randy B
________________________________________
From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Fekete Róbert [frobert at balabit.hu]
Sent: Wednesday, May 29, 2013 12:36 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Outbound Facility Rewrite?

Hi,

currently it is not possible to rewrite the facility of a log message within syslog-ng.
A possible workaround might be to use the IETF5424 message format (the syslog driver in syslog-ng), and add a metadata field that describes the type of the message, and then you can use that to filter the specific messages on the receiving side.

Robert

On Wednesday, May 29, 2013 20:30 CEST, Randy Baca <randy at rbaca.com> wrote:

> Hey folks.  I have looked through everywhere I can find but cannot figure out how to rewrite the outbound syslog message to a remote host so that all messages come across on the same facility.  The reason I need this is to automate sorting and parsing by type of device (all Linux on one facility, all IPS on another facility, Cisco firewalls on another, etc.).  Is there a way to do this with syslog-ng?
>
> Regards,
>
> Randy B
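
The <PRI> value that the third-party receiver reads packs both fields into one number, facility * 8 + severity (RFC 3164 and RFC 5424). The following is an added example, not part of the thread and not syslog-ng code: a sketch of what a facility rewrite does to a frame, with the severity preserved, as a small relay placed in front of the receiver could apply it. The device-class names, their facility mapping and the sample frames are assumptions constructed for illustration.

```python
import re

# Facility codes from RFC 5424, section 6.2.1 (local0..local7 are 16..23).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}

# Hypothetical device-class mapping, following the sorting goal in the thread.
DEVICE_FACILITY = {"linux": "local0", "ips": "local1", "cisco-fw": "local2"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(pri: int) -> tuple[int, int]:
    """Split a PRI value into (facility, severity)."""
    if not 0 <= pri <= 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def rewrite_facility(frame: bytes, device_class: str) -> bytes:
    """Return frame with its facility replaced and its severity preserved."""
    match = PRI_RE.match(frame)
    if match is None:
        raise ValueError("frame does not start with <PRI>")
    _, severity = decode_pri(int(match.group(1)))
    new_pri = FACILITIES[DEVICE_FACILITY[device_class]] * 8 + severity
    return b"<%d>" % new_pri + frame[match.end():]


# Constructed sample frames (not taken from the thread).
SAMPLES = [
    ("linux", b"<34>May 29 21:42:39 web01 sshd[411]: Failed password for root"),
    ("ips", b"<189>May 29 21:42:40 ips01 sensor: signature match"),
    ("cisco-fw", b"<13>May 29 21:42:41 fw01 fw: connection denied"),
]

if __name__ == "__main__":
    for device_class, frame in SAMPLES:
        print(rewrite_facility(frame, device_class).decode())
```

Overwriting the facility discards the sender's original value, so a relay that does this should retain the unmodified frame if the original facility matters for later investigation.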





