search

poshsecurity / Posh-SYSLOG

Send SYSLOG messages from PowerShell
http://poshsecurity.com
MIT License
91 stars 19 forks source link

Allow Hostname Parameter to be provided as a PipelineParameter by Property Name #29

Open jberkers42 opened 1 year ago

jberkers42 commented 1 year ago

Is your feature request related to a problem? Please describe. I have a requirement to process some log data and send it on via Syslog, however, the log data itself contains the hostname, rather than being the same for all calls of the Send-SyslogMesssage. With the Hostname parameter not being considered as a Pipeline Parameter, the code would become more complex.

Describe the solution you'd like It would be great if the Hostname Parameter could be supplied in the Pipeline by Property Name.

Examples of how the solution would work

Convert-LogFile is an example function, that outputs PSObject with Message, Timestamp and Hostname.

$SyslogParameters = @{
  Server = '192.168.1.1'
  Severity = 'Informational'
  Facility = 'local1'
  Port = '514'
  Transport = 'UDP'
  ApplicationName = '-'
  FramingMethod = 'Non-Transparent-Framing'
}

Convert-LogFile -Path 'sample.log' | Send-SyslogMessage @SyslogParameters -RFC3164

Describe alternatives you've considered An alternate method would be to assign the results of the Convert-LogFile to a variable, and loop through the values (100's or potentially 1000's), calling Send-SyslogMessage with it's values.

Additional context The Hostname value is needed by my target SIEM system to be able to extract the originating host from the Syslog Relay header.

kjacobsen commented 1 year ago

Hey @jberkers42,

I can't see any problems with switching this. I will do some testing and get back to you when it is published.