[syslog-ng] Question on parsing
Richards, James L - DOA
James.Richards at wisconsin.gov
Fri Oct 3 21:18:07 CEST 2014
So I have a scenario I am having difficulties with.
I have an IDS sensor (suricata), and it is generating a log-file at /log_file_dir/fast.log
And I would like to parse this log and send it off to a remote syslog server.
I have put the following in my syslog-ng.conf:
source s_log_server { file("/log_file_dir/fast.log" program_override("snort")); };
Added a destination for the remote server:
destination d_log_server { udp ("fqdn.of.primary.elsa.box" port(514)); };
Then in the log{ section I have put this:
destination(d_log_server);
Logs are making it to the remote box, but in an unparsed format...
How do I get this to trigger a parser in syslog-ng?
Thanks much,
Jim
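
Added example, not part of the original post and not syslog-ng configuration: a Python parser showing the field extraction a parsing stage has to perform on a Suricata fast.log alert line before forwarding it. The function names, the key=value output layout and the sample lines (constructed, with documentation address ranges) are assumptions.

```python
import re

# Layout of a Suricata fast.log alert; an action such as "[Drop]" may precede the first [**].
FAST_RE = re.compile(
    r"^(?P<timestamp>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+:\d+)\s+->\s+(?P<dst>\S+:\d+)\s*$"
)

# Constructed sample input: an IPv4 alert, an IPv6 alert with an action, and a non-alert line.
SAMPLE_LINES = [
    "10/03/2014-21:18:07.123456  [**] [1:1000001:1] CONSTRUCTED test rule A [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:51234 -> 198.51.100.5:1433",
    "10/03/2014-21:18:08.000001  [Drop] [**] [1:1000002:3] CONSTRUCTED test rule B [**] [Classification: (null)] [Priority: 3] {UDP} 2001:db8::1:53 -> 2001:db8::2:40000",
    "this line is not an alert",
]

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def parse_fast_line(line):
    """Return a dict of alert fields, or None when the line is not an alert."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        rec[key] = int(rec[key])
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

def to_kv(rec):
    """Render the parsed fields as one key="value" line (assumed layout)."""
    keys = ("sid", "priority", "proto", "src_ip", "src_port", "dst_ip", "dst_port", "msg")
    return " ".join('%s="%s"' % (k, rec[k]) for k in keys)

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_fast_line(line)
        print(to_kv(rec) if rec else "unparsed: " + line)
```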