search

wizecore / graylog2-output-syslog

Customizable, production ready syslog and ArcSight output plugin for Graylog
Apache License 2.0
39 stars 20 forks source link

[Question] How to preserve $SOURCEIP #12

Closed irongomme closed 7 years ago

irongomme commented 7 years ago

How can i use the syslog output and preserve the $SOURCEIP for the destination syslog-ng ?

huksley commented 7 years ago

Hi Jerome!

You must turn off using host as source of tcp packets with messages and use HOST field instead. Check this out: https://groups.google.com/forum/#!topic/enterprise-log-search-and-archive/D7A05VKZzz0

29 Ноя 2016 г. 18:44 пользователь "Jérôme" notifications@github.com написал:

How can i use the syslog output and preserve the $SOURCEIP for the destination syslog-ng ?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/wizecore/graylog2-output-syslog/issues/12, or mute the thread https://github.com/notifications/unsubscribe-auth/ABhT7RQh6jvbSJbceS1hwnUHOo7BRCYSks5rDEhngaJpZM4K_H_x .

huksley commented 7 years ago

Closed due to inactivity. Open new issue if you need help.