[syslog-ng] Outbound Facility Rewrite?

Balazs Scheidler bazsi at balabit.hu
Thu May 30 11:25:10 CEST 2013


There's a workaround, use the template option and encode the required
priority there:

destination d_tcp {
	tcp("host" port(port) template("<184>$DATE $HOST $MSGHDR$MSG\n"));
};

The number enclosed in <> is the priority value, which is calculated as:

8*facility + priority

Where facility is the identifier of the facility in question (look it up in rfc3164 or 

On Wed, 2013-05-29 at 19:42 +0000, Randy Baca wrote:
> Robert:
> I am not sure using metadata is possible because the log receiver is third-party and looks at the <PRI> number for the facility and level. Do you know if facility-rewrite is on the roadmap any time soon?
> 
> Thanks for the quick response!
>  
> Randy B
> ________________________________________
> From: syslog-ng-bounces at lists.balabit.hu [syslog-ng-bounces at lists.balabit.hu] on behalf of Fekete Róbert [frobert at balabit.hu]
> Sent: Wednesday, May 29, 2013 12:36 PM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Outbound Facility Rewrite?
> 
> Hi,
> 
> currently it is not possible to rewrite the facility of a log message within syslog-ng.
> A possible workaround might be to use the IETF5424 message format (the syslog driver in syslog-ng), and add a metadata field that describes the type of the message, and then you can use that to filter the specific messages on the receiving side.
> 
> Robert
> 
> On Wednesday, May 29, 2013 20:30 CEST, Randy Baca <randy at rbaca.com> wrote:
> 
> > Hey folks.  I have looked through everywhere I can find but cannot figure out how to rewrite the outbound syslog message to a remote host so that all messages come across on the same facility.  The reason I need this is to automate sorting and parsing by type of device (all Linux on one facility, all IPS on another facility, Cisco firewalls on another, etc.).  Is there a way to do this with syslog-ng?
> >
> > Regards,
> >
> > Randy B
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 
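The PRI arithmetic from the message above, as an added example that is not part of the original thread: it encodes and decodes <PRI> values, builds the template string for a chosen facility and severity, and shows that the fixed <184> decodes to local7 with severity emerg, so a hard-coded PRI replaces the severity of every forwarded message as well as its facility. The facility keyword names, the helper function names and the sample log line are assumptions constructed for illustration.

```python
import re

# Conventional keyword names for the numeric codes in RFC 3164 section 4.1.1.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(0|[1-9]\d{0,2})>")  # no leading zeros, at most 3 digits


def encode_pri(facility, severity):
    """PRI = 8*facility + priority, the formula given in the message."""
    return 8 * FACILITIES.index(facility) + SEVERITIES.index(severity)


def decode_pri(pri):
    """Split a PRI value back into (facility, severity) names."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} outside 0..191")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def receiver_view(line):
    """What a receiver that sorts on <PRI> derives; None if no valid PRI."""
    m = PRI_RE.match(line)
    return decode_pri(int(m.group(1))) if m else None


def template_for(facility, severity):
    """syslog-ng template string with the chosen fixed PRI baked in."""
    return f"<{encode_pri(facility, severity)}>$DATE $HOST $MSGHDR$MSG\\n"


def rewrite_facility(line, facility):
    """Swap the facility of a raw line while keeping its original severity."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("line has no valid <PRI> header")
    _, severity = decode_pri(int(m.group(1)))
    return f"<{encode_pri(facility, severity)}>{line[m.end():]}"


if __name__ == "__main__":
    # Constructed sample line: auth.info (4*8 + 6 = 38).
    sample = "<38>May 30 11:25:10 fw1 sshd[411]: Failed password for root"
    print(decode_pri(184))                 # what the <184> in the template means
    print(template_for("local7", "info"))  # same facility, less alarming severity
    print(receiver_view(sample), "->", receiver_view(rewrite_facility(sample, "local7")))
```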




