Hi, The $Hostname field set by the im_msvistalog module should be set to the name of the origin (Server 1, 2, 3). Can you verify if that's the case? The to_syslog_snare() formatter uses this value to set the syslog hostname field.
So either the $Hostname field is set incorrectly to ServerY or your SyslogServer1 uses the source IP of the sender (Server Y) instead of the value indicated in the syslog message. Regards, Botond On Mon, 12 Aug 2013 09:07:34 +0000 "Cantore, Damian" <damian.cant...@pmi.com> wrote: > Hi, > > I have setup a windows server (server Y) which centralizes the gathering of > windows logs using the Event Forwarding features that come out of the box > with windows. Then I installed NXLog in that server (Server Y) which converts > windows logs in syslog snare format and forward it further to a syslog server. > A simplification would be: > Server 1, Server 2, Server 3 (windows format) => Server Y (in, windows > format) (out, syslog_snare) => SyslogServer1 > > In my current setup the SyslogServer1 sees all messages coming from Server Y > (which is true), however I need to keep the source in the syslog header > (Server 1, Server X instead of Server Y). > > Is there a simple way of doing that by using the Exec directive ? > > Config file being used: > > <Extension syslog> > Module xm_syslog > </Extension> > > <Input in> > Module im_msvistalog > ReadFromLast TRUE > Channel ForwardedEvents > </Input> > > <Output out> > Module om_udp > Host SyslogServer1 > Port 514 > Exec to_syslog_snare(); > </Output> > > <Route 1> > Path in => out > </Route> > > Thanks a lot in advance for any help you may provide. > Damian > > > > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite! > It's a free troubleshooting tool designed for production. > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk > _______________________________________________ > nxlog-ce-users mailing list > nxlog-ce-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
