Closed patriknordlen closed 5 years ago
Do we have an issue to track this?
I didn't create an issue, I saw the need for this and implemented the solution instead of filing an issue, but I can create one if it's preferred for tracking purposes etc!
@li-wu should I create an issue to match the PR against?
@li-wu should I create an issue to match the PR against?
Yes please thanks.
@li-wu Done! https://github.com/splunk/eventgen/issues/299
Thanks for this PR. Please update the test case to address this feature.
Thanks for this PR. Please update the test case to address this feature.
Thanks for the review. I pushed changes based on your comment - please review and let me know if anything should be done differently.
This PR adds functionality to the syslogoutput plugin that if enabled makes the plugin output an RFC 3164 compliant header at the beginning of each message, consisting of a timestamp and a hostname. The value of the hostname is taken from the host value defined for the sample.
The use-case is in situations where eventgen is set to output events as syslog but one wants the receiving syslog server to be able to use the sample's defined host value as originating hostname. Without the initial header this is not possible and events are sent as-is, in which case the receiving syslog server has to use the hostname of the host that eventgen is running on instead. Upon adding this header, eventgen will emulate being an intermediate syslog forwarder, adding the "original" hostname at the start of the message.