fromhost-ip is where the connection came from; note that the hostname in the message itself is maintained.

What I do is I make a custom template that reformats the message to have JSON as the syslog message (usually with $!msg to contain the original message), and that lets me add other metadata (usually under $!trusted).

This lets me do something like $!trusted!relay!fromhost-ip to contain the fromhost-ip that the relay sees. I usually log the hostname of the relay, the timestamp of when the relay got the message, as well as the IP that the message came from.

David Lang
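
The receiving side of the approach described above, as an added example that is not part of the original post: it reads the relay-supplied source IP from the JSON payload and picks a file name by source network, but only when the connection itself comes from a known relay. The `hostname` and `received` field names, the relay address, the networks and the file names are assumptions constructed for illustration.

```python
import ipaddress
import json

# Peers allowed to vouch for an original source (hypothetical relay address).
KNOWN_RELAYS = {ipaddress.ip_address("192.0.2.10")}
# Hypothetical source networks and the file each one is written to.
NETWORK_FILES = {
    ipaddress.ip_network("10.1.0.0/16"): "campus-a.log",
    ipaddress.ip_network("10.2.0.0/16"): "campus-b.log",
}
DEFAULT_FILE = "unclassified.log"

# Constructed sample of what the relay's JSON template could emit.
SAMPLE = json.dumps({
    "msg": "sshd[812]: Accepted publickey for alice",
    "trusted": {"relay": {
        "fromhost-ip": "10.2.7.44",
        "hostname": "relay1",
        "received": "2020-02-07T09:23:29+01:00",
    }},
})


def original_source(peer_ip, payload):
    """Return the IP the message originally came from.

    peer_ip is what the receiver sees as fromhost-ip (the connection peer).
    The value under trusted.relay is honoured only when the peer is a known
    relay; otherwise any sender could claim an arbitrary source in the JSON.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in KNOWN_RELAYS:
        return peer
    try:
        doc = json.loads(payload)
        return ipaddress.ip_address(doc["trusted"]["relay"]["fromhost-ip"])
    except (ValueError, KeyError, TypeError):
        return peer  # not relay JSON, or malformed: fall back to the peer


def log_file_for(peer_ip, payload):
    """Pick the output file name from the original source network."""
    src = original_source(peer_ip, payload)
    for net, name in NETWORK_FILES.items():
        if src in net:
            return name
    return DEFAULT_FILE
```
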



On Fri, 7 Feb 2020, Fabien STEFANIAK via rsyslog wrote:

Date: Fri, 7 Feb 2020 09:23:29 +0100 (CET)
From: Fabien STEFANIAK via rsyslog <[email protected]>
To: [email protected]
Cc: Fabien STEFANIAK <[email protected]>
Subject: [rsyslog] Relp forwarding and transfer of the $fromhost-ip property


Hello!

I work on the creation of a log management architecture for internal purposes at a university. I would like to forward logs between log management servers with the RELP protocol: first to create a test server to validate a new centralization configuration with a duplicate of all logs, and later for an Elasticsearch integration server.

I am facing a problem: the second server receives the logs with the $fromhost-ip of the server sending the replication (not the source IP of the logs), but I need to apply different file name templates based on the source network IP.

Is it possible to transfer the $fromhost-ip property without working on the transmitted message? (Less processing applied to logs is better for legal purposes.)

Thanks for helping if you have the solution...

Fabien Stéfaniak
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.