splunk / eventgen

Splunk Event Generator: Eventgen
Apache License 2.0

Add syslogAddHeader config directive #296

Closed patriknordlen closed 5 years ago

patriknordlen commented 5 years ago

This PR adds functionality to the syslogoutput plugin that, if enabled, makes the plugin output an RFC 3164-compliant header at the beginning of each message, consisting of a timestamp and a hostname. The value of the hostname is taken from the host value defined for the sample.

The use case is situations where eventgen is set to output events as syslog but one wants the receiving syslog server to be able to use the sample's defined host value as the originating hostname. Without the initial header this is not possible and events are sent as-is, in which case the receiving syslog server has to use the hostname of the host that eventgen is running on instead. Upon adding this header, eventgen will emulate being an intermediate syslog forwarder, adding the "original" hostname at the start of the message.
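The following is an added illustration of the behaviour the PR description above is after; it is not code from the eventgen project or from this PR. It builds the RFC 3164 HEADER (TIMESTAMP and HOSTNAME) in front of a message, keeping any existing PRI part first, and pairs it with a hypothetical receiver that attributes a line to the embedded hostname when a header is present and to the transport peer otherwise. The function names, the sample event and the timestamp are my own constructions.

```python
import re
from datetime import datetime

# Locale-independent month abbreviations; RFC 3164 uses the English names.
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

# Optional leading "<PRI>" part (facility*8 + severity, 1-3 digits).
_PRI_RE = re.compile(r"^<\d{1,3}>")

# "TIMESTAMP HOSTNAME MSG" after an optional PRI, as a receiver would parse it.
_HEADER_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)


def rfc3164_timestamp(ts):
    """RFC 3164 TIMESTAMP: 'Mmm dd hh:mm:ss', day-of-month space-padded."""
    return "%s %2d %02d:%02d:%02d" % (_MONTHS[ts.month - 1], ts.day,
                                     ts.hour, ts.minute, ts.second)


def add_rfc3164_header(message, hostname, ts):
    """Prepend the RFC 3164 HEADER (timestamp + hostname) to a message.

    If the message already starts with a <PRI> part, the header is inserted
    right after it, since PRI precedes HEADER in the RFC 3164 layout.
    """
    if not hostname or any(c.isspace() for c in hostname):
        raise ValueError("RFC 3164 HOSTNAME must be a single non-empty token")
    header = "%s %s " % (rfc3164_timestamp(ts), hostname)
    m = _PRI_RE.match(message)
    if m:
        return message[:m.end()] + header + message[m.end():]
    return header + message


def receiver_attribute(line, peer_host):
    """Hypothetical receiver logic: return (origin_host, msg) for one line.

    With a parseable HEADER the embedded hostname is used, as a receiver
    would do for a relay; without one the line is attributed to the
    transport peer, i.e. the host eventgen itself runs on.
    """
    m = _HEADER_RE.match(line)
    if m:
        return m.group("host"), m.group("msg")
    return peer_host, _PRI_RE.sub("", line, count=1)


# Constructed sample input (not real data): a fixed time and one raw event.
SAMPLE_TS = datetime(2019, 10, 7, 12, 34, 56)
SAMPLE_EVENT = "<13>sshd[2231]: Accepted publickey for deploy from 10.0.0.8"


def demo(sample_host="web01", eventgen_host="eventgen-box"):
    """Show which host the receiver attributes the event to, header off vs on."""
    without = receiver_attribute(SAMPLE_EVENT, eventgen_host)
    with_hdr = receiver_attribute(
        add_rfc3164_header(SAMPLE_EVENT, sample_host, SAMPLE_TS), eventgen_host)
    return {"without_header": without[0], "with_header": with_hdr[0]}


if __name__ == "__main__":
    print(add_rfc3164_header(SAMPLE_EVENT, "web01", SAMPLE_TS))
    print(demo())
```

Two caveats worth keeping in mind when enabling something like this: the RFC 3164 TIMESTAMP carries neither a year nor a time zone, so the receiver will interpret it in its own local time; and a receiver that honours the HEADER hostname is trusting whatever the sender put there, which is exactly the forwarder behaviour wanted here but also means the sending host can claim any origin.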

li-wu commented 5 years ago

Do we have an issue to track this?

patriknordlen commented 5 years ago

I didn't create an issue; I saw the need for this and implemented the solution instead of filing an issue, but I can create one if it's preferred for tracking purposes etc.!

patriknordlen commented 5 years ago

@li-wu should I create an issue to match the PR against?

li-wu commented 5 years ago

@li-wu should I create an issue to match the PR against?

Yes please thanks.

patriknordlen commented 5 years ago

@li-wu Done! https://github.com/splunk/eventgen/issues/299

GordonWang commented 5 years ago

Thanks for this PR. Please update the test case to address this feature.

patriknordlen commented 5 years ago

Thanks for this PR. Please update the test case to address this feature.

Thanks for the review. I pushed changes based on your comment - please review and let me know if anything should be done differently.