Thank you.
On 9/20/2017 1:28 PM, Andrew Griffin wrote:
You can do this pretty easily by having a ruleset with two actions in
it, e.g.:

    ruleset(name="dupe_logs") {
        # write each message to a local file
        action(
            name="send_to_file"
            type="omfile"
            file="/logs/mylog.log"
        )
        # and forward a copy of it to the second collector
        action(
            name="send_to_other_log_collector"
            type="omfwd"
            target="my_collector.mybusiness.com"
            port="12345"
        )
    }

*Andrew Griffin*
Apple
On Sep 20, 2017, at 8:45 AM, Don M Subscriptions via rsyslog
<rsyslog@lists.adiscon.com> wrote:
Greetings.
We have a firewall and some other sources sending data to our syslog
server and we would like to forward the original message from one of
the input sources to a supplemental log collector. In other words, I
would like to take logs from 192.168.1.1 and send them to two destinations.
Googling this tends to get articles on basic setup.
I'd imagine that I need a "from host" type of test in an if
statement, and send it within a set of curly braces?
Thanks in advance for help.
--
-----
Don Murdoch, Director, Security Services @ SLAIT
Book site: www.blueteamhandbook.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
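The setup discussed in this thread, written out as one configuration: every remote message goes to the local file, and only messages received from 192.168.1.1 are also forwarded, unmodified, to the second collector. This is an added example, not configuration posted by anyone in the thread. The UDP listener on port 514, the TCP transport, the work directory, the queue settings and the names `remote_in`, `RawForward` and `fwd_collector` are assumptions; the file path, collector host and port are the ones used in the reply above.

```rsyslog
# Added example (assumed values are marked); adjust to the local installation.

# Spool directory for the disk-assisted queue below (assumed path).
global(workDirectory="/var/spool/rsyslog")

# Forward the message exactly as it was received instead of letting
# omfwd rebuild the header with its default forwarding template.
template(name="RawForward" type="string" string="%rawmsg%")

# Assumed listener: the firewall and other sources send syslog over UDP/514.
module(load="imudp")
input(type="imudp" port="514" ruleset="remote_in")

ruleset(name="remote_in") {
    # Every remote source is written to the local file.
    action(
        name="send_to_file"
        type="omfile"
        file="/logs/mylog.log"
    )

    # Source test: fromhost-ip is the address rsyslog received the packet
    # from, so it is not affected by the hostname field inside the message.
    if $fromhost-ip == '192.168.1.1' then {
        # The queue keeps the copy on disk while the collector is
        # unreachable, so an outage neither blocks the file action
        # nor silently drops the forwarded messages.
        action(
            name="send_to_other_log_collector"
            type="omfwd"
            target="my_collector.mybusiness.com"
            port="12345"
            protocol="tcp"
            template="RawForward"
            queue.type="LinkedList"
            queue.filename="fwd_collector"
            queue.saveOnShutdown="on"
            action.resumeRetryCount="-1"
        )
    }
}
```

Running `rsyslogd -N1` against the file checks the syntax before the daemon is restarted.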