Closed chris-y closed 5 years ago
Hi! Please check the new version with transparent format +checkbox [x] Remove headers
It should do what you want.
Hi,
I would like to re-open this, because I think my question is related and I did not want to open a new issue.
I tried the transparent format and got messages forwarded like this:
longer.name.of.our.server Apr 4 08:40:50 <46>Apr 4 08:40:50 shorter.name.of.our.server rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="7690" x-info="http://www.rsyslog.com"] start
Then I ticked the checkbox [x] "Remove headers" and got this:
longer.name.of.our.server <46>Apr 4 08:40:50 shorter.name.of.our.server rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="7690" x-info="http://www.rsyslog.com"] start
So only the timestamp was removed.
I would like the logs to be forwarded like this:
<46>Apr 4 08:40:50 shorter.name.of.our.server rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="7690" x-info="http://www.rsyslog.com"] start
Is this possible? It would be awesome. Thanks!
Using Graylog v3.0 and the latest version of the plugin (2.5.1).
Is there a possibility to add a "simple forwarding" option? ie. just push full_message to the defined syslog server?
If message has been manipulated than the other output options don't show the message as it was. The "full" option doesn't either, as you get the syslog headers followed by the full_message (plus other metadata), so it's not a true copy of the original log.