Hi,
I have setup a windows server (server Y) which centralizes the gathering of
windows logs using the Event Forwarding features that come out of the box with
windows. Then I installed NXLog in that server (Server Y) which converts
windows logs in syslog snare format and forward it further to a syslog server.
A simplification would be:
Server 1, Server 2, Server 3 (windows format) => Server Y (in, windows format)
(out, syslog_snare) => SyslogServer1
In my current setup the SyslogServer1 sees all messages coming from Server Y
(which is true), however I need to keep the source in the syslog header (Server
1, Server X instead of Server Y).
Is there a simple way of doing that by using the Exec directive ?
Config file being used:
<Extension syslog>
Module xm_syslog
</Extension>
<Input in>
Module im_msvistalog
ReadFromLast TRUE
Channel ForwardedEvents
</Input>
<Output out>
Module om_udp
Host SyslogServer1
Port 514
Exec to_syslog_snare();
</Output>
<Route 1>
Path in => out
</Route>
Thanks a lot in advance for any help you may provide.
Damian
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
