Mailing List Archive

Relp forwarding and transfer of the $fromhost-ip property
Hello !

I am working on creating a log management architecture for the internal purposes of a university. I would like to forward logs between log management servers with the RELP protocol. First to create a test server to validate a new centralization configuration with a duplicate of all logs, and later for a server for Elasticsearch integration.

I am facing a problem: the second server receives the logs with the $fromhost-ip of the server sending the replication (not the source IP of the logs), but I need to apply different file name templates based on the source network IP.

Is it possible to transfer the $fromhost-ip property without working on the transmitted message? (Applying less processing to the logs is better for legal purposes.)

Thanks for helping if you have the solution...

Fabien Stéfaniak
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Relp forwarding and transfer of the $fromhost-ip property
fromhost-ip is where the connection came from; note that the hostname in the message
itself is maintained.

What I do is make a custom template that reformats the message to have JSON as
the syslog message (usually with $!msg to contain the original message), and
that lets me add other metadata (usually under $!trusted).

This lets me do something like $!trusted!relay!fromhost-ip to contain the
fromhost-ip that the relay sees.
I usually log the hostname of the relay, the timestamp of when the relay got the
message, as well as the IP that the message came from.

David Lang



On Fri, 7 Feb 2020, Fabien STEFANIAK via rsyslog wrote:

> Date: Fri, 7 Feb 2020 09:23:29 +0100 (CET)
> From: Fabien STEFANIAK via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog@lists.adiscon.com
> Cc: Fabien STEFANIAK <fabien.stefaniak@univ-angers.fr>
> Subject: [rsyslog] Relp forwarding and transfer of the $fromhost-ip property
>
>
> Hello !
>
> I am working on creating a log management architecture for the internal purposes of a university. I would like to forward logs between log management servers with the RELP protocol. First to create a test server to validate a new centralization configuration with a duplicate of all logs, and later for a server for Elasticsearch integration.
>
> I am facing a problem: the second server receives the logs with the $fromhost-ip of the server sending the replication (not the source IP of the logs), but I need to apply different file name templates based on the source network IP.
>
> Is it possible to transfer the $fromhost-ip property without working on the transmitted message? (Applying less processing to the logs is better for legal purposes.)
>
> Thanks for helping if you have the solution...
>
> Fabien Stéfaniak
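
One way to set up the JSON relay approach described in the reply above, as an added rsyslog configuration sketch that is not from the thread or from either poster. The property names $!msg and $!trusted!relay!fromhost-ip come from the reply; the addresses (192.0.2.x), port, file paths, template and ruleset names, and the other $!trusted!relay fields are assumptions. The receiver only trusts the relayed metadata when the RELP peer is the known relay.

```rsyslog
# ---- On the relay (first log server) ----
module(load="omrelp")

# Keep the syslog header; replace the payload with "@cee:" + the $! JSON tree.
template(name="relay_json" type="string"
         string="<%pri%>%timereported:::date-rfc3339% %hostname% %syslogtag%@cee:%$!%\n")

set $!msg = $msg;                                 # original message text
set $!trusted!relay!fromhost-ip = $fromhost-ip;   # source IP as seen by the relay
set $!trusted!relay!hostname = $$myhostname;      # name of the relay (assumed field)
set $!trusted!relay!received = $timegenerated;    # time the relay got it (assumed field)

# 192.0.2.20 is a placeholder for the second server
action(type="omrelp" target="192.0.2.20" port="2514" template="relay_json")

# ---- On the second server ----
module(load="imrelp")
module(load="mmjsonparse")

# File name chosen from the source IP recorded by the relay
template(name="per_source_file" type="string"
         string="/var/log/remote/%$!trusted!relay!fromhost-ip%/messages.log")
# Write the original message text back out, not the JSON wrapper
template(name="orig_line" type="string"
         string="%timereported:::date-rfc3339% %hostname% %syslogtag%%$!msg%\n")

ruleset(name="from_relay") {
    # 192.0.2.10 is a placeholder for the relay. Metadata under $!trusted is
    # only believed when the connection itself comes from that relay.
    if $fromhost-ip == "192.0.2.10" then {
        action(type="mmjsonparse")                # parses the "@cee:" payload into $!
        if $parsesuccess == "OK" then {
            action(type="omfile" dynaFile="per_source_file" template="orig_line")
            stop
        }
    }
    # Anything else (unknown peer, payload that did not parse) is kept apart
    action(type="omfile" file="/var/log/remote/unverified.log")
}

input(type="imrelp" port="2514" ruleset="from_relay")
```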