splunk / eventgen

Splunk Event Generator: Eventgen
Apache License 2.0

[FEATURE/IMPROVEMENT] Add syslog header with user-specified hostname #299

Closed patriknordlen closed 5 years ago

patriknordlen commented 5 years ago

Is your feature request related to a problem? Please describe.

In situations where eventgen is configured to emulate that events are originating from a certain host and set to output events as syslog, this is currently not possible, because the host information is not part of the outgoing message.

Describe the solution you'd like

Add a configurable behaviour to have eventgen prefix the generated event with an initial RFC3164 compliant header to the syslog message consisting of a timestamp and the user-specified hostname. This will make it possible for receiving syslog servers to pick up the initial host and mark the events as originating from that host instead of from the IP address of the host eventgen runs on.

Describe alternatives you've considered

No alternatives that I know of.

Additional context

patriknordlen commented 5 years ago

PR with suggested solution here: https://github.com/splunk/eventgen/pull/296

jmeixensperger commented 5 years ago

Closing this PR since suggested solution was successfully merged in. Feel free to re-open if this issue requires more changes.
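
The header requested in this issue, as an added example that is not part of the original thread and is not eventgen's own code: it builds the RFC 3164 HEADER (timestamp plus hostname) and shows how a receiver attributes an event with and without it. The names `rfc3164_header` and `attribute_host`, the hostname, the IP address and the sample event are assumptions constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

# RFC 3164 packet: optional <PRI>, then HEADER = TIMESTAMP SP HOSTNAME, then MSG.
_PACKET_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?:%s) [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<msg>.*)$" % "|".join(MONTHS),
    re.DOTALL,
)


def rfc3164_header(ts, hostname):
    """Return 'Mmm dd hh:mm:ss HOSTNAME ' for prefixing a generated event."""
    # The hostname field must not contain spaces; rejecting anything outside
    # this set also keeps newlines and control characters out of the header.
    if not re.fullmatch(r"[A-Za-z0-9._:-]{1,255}", hostname):
        raise ValueError("invalid syslog hostname: %r" % hostname)
    # Month names are fixed English abbreviations (not locale-dependent) and
    # the day of month is space-padded, not zero-padded.
    return f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S} {hostname} "


def attribute_host(packet, source_ip):
    """Receiver side: use the header hostname if present, else the sender IP."""
    m = _PACKET_RE.match(packet)
    if m:
        return m.group("host"), m.group("msg")
    return source_ip, packet


# Constructed sample input.
EVENT = "sshd[4211]: Accepted publickey for deploy from 10.0.0.5"
GENERATOR_IP = "192.0.2.10"

if __name__ == "__main__":
    header = rfc3164_header(datetime(2019, 10, 3, 7, 5, 9), "web01.example.com")
    print(attribute_host(EVENT, GENERATOR_IP))           # attributed to the IP
    print(attribute_host(header + EVENT, GENERATOR_IP))  # attributed to web01
```

The hostname in the header is asserted by the sender, so a receiver that needs to know where an event really came from should record the source IP alongside the parsed host.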