System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Syslog-ng - Retaining the header information of the event log

AL_3001
Regular Advisor

Syslog-ng - Retaining the header information of the event log

Hello,

We have configured the syslog.conf file of server (ServerA)to re-direct security logs to a centralized logserverA. Now we want to move the logs from logserverA to logserverB.

Note: We cannot send the logs directely to logserverB from serverA as they are on different LAN.

The problem we have here is how can send the logs collected in "logserverA" to "logserverb" retaining the header information of the event log. i.e "ServerA"
For example "ServerA" sends a log event to centralized log server in "logserverA", then the log event is send from "logserverA" to
"logserverB but the header of the event log is changed, is not from "serverA" but "logserverA", and this is the problem. We need to keep the original header "serverA" in "logserverB" through "logserevrA".

One solution to this is, install a new syslog in to the sever "logserverA" called
Syslog-ng. Like keep the header of the original event-log(our objective).

Can you gurus, give us more ways achieving this objective.

Awaiting your encouraging responses.

Thanks.

-AL
2 REPLIES
smatador
Honored Contributor

Re: Syslog-ng - Retaining the header information of the event log

AL_3001
Regular Advisor

Re: Syslog-ng - Retaining the header information of the event log

Thanks mate!