Mailing List Archive

Dealing with CEF messages
> I have an rsyslog forwarder (RHEL 7.9) that is forwarding syslog and CEF
> messages to Azure Sentinel, now using AMA. What happens is, when CEF messages
> are forwarded they appear in Sentinel twice, once in the syslog table and
> then in the common security table, which creates duplicates. It’s not possible to
> change the client config, too many devices and appliances.
>
> My question is, can I change the facility of incoming syslogs on the
> forwarding server?
>
> The other question is whether I can change syslog messages to CEF format on
> the forwarder?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Dealing with CEF messages
You need to craft a template with a fixed facility you want. That's
the <xx> part inside the template. See RFC 5424 for how to calculate it
(yes, it should be easier, but it's a pretty uncommon request and this
is right now the only way to do it).

HTH
Rainer

El dom, 24 mar 2024 a las 13:21, Steven Briggs via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> > I have an rsyslog forwarder (RHEL 7.9) that is forwarding syslog and CEF
> > messages to Azure Sentinel, now using AMA. What happens is, when CEF messages
> > are forwarded they appear in Sentinel twice, once in the syslog table and
> > then in the common security table, which creates duplicates. It’s not possible to
> > change the client config, too many devices and appliances.
> >
> > My question is, can I change the facility of incoming syslogs on the
> > forwarding server?
> >
> > The other question is whether I can change syslog messages to CEF format on
> > the forwarder?
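The following is an added example of the approach Rainer describes, not configuration from the thread or from the rsyslog project: a string template with a hard-coded PRI, applied only to messages that carry a CEF payload, so they leave the forwarder with a fixed facility while everything else keeps its original PRI. The listening ports, the chosen facility (local4), the `CEF:` content match and the collector target are assumptions and must be adapted to the local AMA data collection rule.

```rsyslog
# Added example, not from the thread. Rewrites the facility of CEF messages
# on an rsyslog forwarder by emitting them through a template whose PRI is
# fixed instead of copied from the incoming message.
#
# PRI (RFC 5424, section 6.2.1) = facility * 8 + severity.
#   local0..local7 are facilities 16..23; informational is severity 6.
#   Assumed choice below: local4 (20) * 8 + informational (6) = 166.

# Inputs from the devices and appliances (ports are assumptions).
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Fixed-PRI template: "<166>" is written literally instead of "<%PRI%>".
# Timestamp, host, tag and message body are kept from the original.
template(name="CefFixedFacility" type="string"
         string="<166>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n")

# Pass-through template for everything else: facility/severity untouched.
template(name="PassThrough" type="string"
         string="<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n")

# Route on content: CEF payloads carry the "CEF:" header marker in the body.
# "collector.example.internal" is a placeholder for the real AMA/collector target.
if $msg contains "CEF:" then {
    action(type="omfwd" target="collector.example.internal" port="514"
           protocol="tcp" template="CefFixedFacility")
    stop
}
action(type="omfwd" target="collector.example.internal" port="514"
       protocol="tcp" template="PassThrough")
```

Two things to check before relying on this: a literal PRI fixes the severity as well as the facility, so the original severity of every CEF event is lost on the wire (keep `%PRI%` in the pass-through template for that reason), and the routing condition only works if the collector-side rule that splits the syslog and common security tables actually keys on facility; confirm that with a single test device before changing what the rest of the fleet sees.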