Hi,

I have syslog events coming in to an Rsyslog server from two sources:

1) Directly from the source (router, firewall etc). Let's call this stream A.
2) Processed logs from another syslog collector that acts as a relay for a different set of devices. Call this stream B.

What I want to do is forward both types of incoming events to another rsyslog server but for case:

(A) I want to encapsulate the entire incoming message into a new syslog header with new timestamp and fromhost-ip.
(B) Relay events coming in as is without touching any part of the message onwards.

Looking up omfwd parameters, it looks like the "template" parameter is set globally for this module. How do I apply a template to one incoming stream, A, before forwarding it and not apply any modifications to another incoming stream, B, before forwarding it?

TIA,
Xuri
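
An added example, not part of the original post: in rsyslog's RainerScript syntax, `template` can be set on each `action()` object, so the two streams can be bound to separate rulesets that forward with different templates. The listener ports, the target `central.example.net`, and the template and ruleset names are assumptions, as is the choice to put fromhost-ip in the hostname field of the new header.

```conf
# Added example; ports, target host and all names below are assumptions.

# Stream A: wrap the untouched original message in a new header that
# carries the receive time on this server and the sender's IP address.
template(name="EncapA" type="string"
         string="<%pri%>%timegenerated:::date-rfc3339% %fromhost-ip% encap: %rawmsg%")

# Stream B: forward exactly what was received, header included.
template(name="RawB" type="string" string="%rawmsg%")

# One ruleset per stream, each with its own omfwd action and template.
ruleset(name="streamA") {
    action(type="omfwd" target="central.example.net" port="514"
           protocol="tcp" template="EncapA")
}

ruleset(name="streamB") {
    action(type="omfwd" target="central.example.net" port="514"
           protocol="tcp" template="RawB")
}

# Bind each listener to its ruleset. Rulesets are defined above the
# inputs that reference them.
module(load="imudp")
input(type="imudp" port="514"  ruleset="streamA")   # direct devices
input(type="imudp" port="1514" ruleset="streamB")   # upstream relay

# If both streams arrive on the same port, one listener can dispatch by
# sender instead (192.0.2.10 is a placeholder for the relay's address):
#   ruleset(name="dispatch") {
#       if $fromhost-ip == "192.0.2.10" then { call streamB }
#       else { call streamA }
#   }
```

Because stream A embeds `%rawmsg%`, the original `<PRI>` and header stay inside the body of the encapsulated message, so the receiving server needs to parse the inner message if it wants the original fields.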

