I've configured a Polycom device to send Syslog events to rsyslog.

I tried both UDP and TCP. There is an unrelated issue, Polycom devices use port 1468 for TCP so rsyslog has to listen on that port.

When the Polycom device sends a multi-line event, such as a copy of a SIP message, it sends each line as a separate event. Example below. Can rsyslog combine all the lines into a single event before sending to omelasticsearch?

Another problem, for the example below, rsyslog sets programname = "0709181702|sip". For this particular device, I think programname="sip" would be correct. Is it possible to limit the programname field to use characters after the "|" symbol?

0709181702|sip |0|03|<<< Data received TLS
0709181702|sip |0|03| SIP/2.0 480 Transport failure: no transports left to try
0709181702|sip |0|03| Via: SIP/2.0/TLS 10.1.2.117:35098;branch=z9hG4bKbf166410B3A124A3;alias
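The regrouping and name extraction asked about above, sketched in Python as an added example; it is not part of the original post and is not an rsyslog configuration. It assumes the second "|"-separated field is the component name and that a payload starting with whitespace continues the previous line from the same component; the names `HEADER`, `combine`, `f3` and `f4` are hypothetical, and the fourth sample line is constructed.

```python
import re

# Sample input: the three lines quoted in the post, plus one constructed
# line from another component to show where the SIP event ends.
SAMPLE = [
    "0709181702|sip |0|03|<<< Data received TLS",
    "0709181702|sip |0|03| SIP/2.0 480 Transport failure: no transports left to try",
    "0709181702|sip |0|03| Via: SIP/2.0/TLS 10.1.2.117:35098;branch=z9hG4bKbf166410B3A124A3;alias",
    "0709181703|cfg |0|03|Constructed line from another component",
]

# Assumed layout: <digits>|<component>|<field>|<field>|<payload>.
# The meaning of the third and fourth fields is not stated in the post,
# so they are captured under placeholder names and otherwise ignored.
HEADER = re.compile(
    r"^(?P<ts>\d+)\|(?P<component>[^|]*?)\s*\|(?P<f3>[^|]*)\|(?P<f4>[^|]*)\|(?P<payload>.*)$"
)


def combine(lines):
    """Merge per-line events into multi-line events, keyed by component."""
    events = []
    for line in lines:
        m = HEADER.match(line)
        if m is None:
            # Unrecognised line: pass it through untouched as its own event.
            events.append({"ts": None, "programname": None, "message": line})
            continue
        payload = m["payload"]
        last = events[-1] if events else None
        # Assumption: a continuation line has leading whitespace in its
        # payload and comes from the same component as the previous line.
        if last and payload[:1].isspace() and last["programname"] == m["component"]:
            last["message"] += "\n" + payload.strip()
        else:
            events.append({
                "ts": m["ts"],
                "programname": m["component"],  # "sip", not "0709181702|sip"
                "message": payload.strip(),
            })
    return events


if __name__ == "__main__":
    for event in combine(SAMPLE):
        print(event["programname"], repr(event["message"]))
```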

