[syslog-ng] Syslog server chaining issue
Maurya, Shivani
shivani.maurya at intel.com
Wed Dec 11 12:47:29 UTC 2024
Hi All,
I am using 2 syslog servers on version 3.31. The devices are sending syslog messages to the 1st syslog server. The 1st syslog server is forwarding the same messages to the 2nd syslog server.
Device --> Syslog Server 1 --> Syslog Server 2
The configurations of 1st syslog server -
Options -
keep-hostname(yes);
use-dns(yes);
use-fqdn(yes);
Destination -
destination d_sec { udp("IP_of_second_syslog" port(514) template("${ISODATE} ${HOST} ${PRIORITY} ${MSG}\n") template-escape(no)); };
The configuration of 2nd syslog server -
destination d_syslogFile { file("/var/log/syslog.log" template("${R_ISODATE} ${HOST} ${PRIORITY} ${FACILITY} ${PROGRAM} ${MSG}\n") template-escape(no)); };
Problem -
When the syslog message is getting logged at the 2nd Syslog server, the ${PRIORITY} of the message is always "notice". And the original severity/priority of the message is getting captured in the ${PROGRAM} macro.
How can I capture the priority of the forwarded message on the 2nd Syslog server in the ${PRIORITY} macro instead of the ${PROGRAM} macro?
Regards,
Shivani Maurya
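
An added example, not part of the original post and not syslog-ng's own code: a simplified Python model of BSD-syslog (RFC 3164) header parsing that reproduces the symptom above and shows the effect of a leading `<PRI>` header on the wire. The sample lines, the host and program names, and the fallback to user.notice (13) when no `<PRI>` is present are assumptions made for the illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
DEFAULT_PRI = 13  # assumption: user.notice is applied when the line has no <PRI>

HEADER = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?(?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")
TAG = re.compile(r"^(?P<prog>[^ :\[]+)(?:\[(?P<pid>\d+)\])?:? ?(?P<msg>.*)$")

def parse(line):
    """Split one received line into the fields a relay would log."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        raise ValueError("not a syslog-style line")
    pri = int(m["pri"]) if m["pri"] is not None else DEFAULT_PRI
    if pri > 191:  # 23 facilities * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)
    # The first token after the host is taken as the program name.
    t = TAG.match(m["rest"])
    return {
        "host": m["host"],
        "facility": FACILITIES[facility],
        "priority": SEVERITIES[severity],
        "program": t["prog"] if t else "",
        "msg": t["msg"] if t else m["rest"],
    }

# Constructed sample: what "${ISODATE} ${HOST} ${PRIORITY} ${MSG}\n" puts on the wire.
FORWARDED = "2024-12-11T12:47:29+00:00 host1 err link down on port 3\n"
# Constructed sample: a line that carries the numeric priority, as a template
# beginning with "<${PRI}>" and using ${MSGHDR} for the program part would emit.
WITH_PRI = "<11>2024-12-11T12:47:29+00:00 host1 portmon[812]: link down on port 3\n"

if __name__ == "__main__":
    for sample in (FORWARDED, WITH_PRI):
        print(parse(sample))
```

In the first sample the severity survives only as text, so the receiving side has nothing to decode and any severity-based filter or alert on the second server sees every forwarded message as notice.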