
I would like to forward many syslog messages from one log collector to another log collector and maintain the original syslog message. When I forward, maybe the first log collector adds a date and source IP address before the original message. I want to remove it and maintain the first original syslog message.

Original

"<159>ago 09 12:23:35 90.149.40.214 message.."

Forwarded message

Aug  9 12:21:27 192.168.1.218 {"message": "<159>ago 09 12:23:35 90.149.40.214 message.."
ELK2
  • That’s easy enough, but you will want a version of rsyslogd that is recent enough to encode correct json. Then just use the rawmsg property. Google rsyslog json and you’ll find an example easily. You will likely want to include some other things too, such as the IP the message came from. – Cameron Kerr Aug 09 '18 at 11:35
  • I want only the original message. With rsyslog JSON it adds the date and source IP anyway, which I don't want. – ELK2 Aug 09 '18 at 12:46
  • Please provide your configuration – Cameron Kerr Aug 09 '18 at 20:12
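
One way to apply the `rawmsg` suggestion from the comments, as an added example that is not part of the original question or its comments: an rsyslog relay whose forwarding template contains only the `rawmsg` property, so no JSON wrapper, date or relay IP is prepended. It assumes the first collector runs rsyslog; the ruleset and template names, the UDP listener on port 514 and the target address `192.0.2.20` are placeholders.

```conf
# /etc/rsyslog.d/relay-raw.conf  (hypothetical file name)

# Receive syslog over UDP and hand every message to the "relay" ruleset.
module(load="imudp")
input(type="imudp" port="514" ruleset="relay")

# Emit exactly the bytes that arrived on the wire, including the <PRI> part,
# e.g. "<159>ago 09 12:23:35 90.149.40.214 message.."
# Nothing else is in the template, so rsyslog adds no timestamp,
# no source address and no JSON envelope of its own.
template(name="RawOnly" type="string" string="%rawmsg%")

ruleset(name="relay") {
    # Forward to the second collector (placeholder address) using the raw template.
    action(type="omfwd"
           target="192.0.2.20"
           port="514"
           protocol="udp"
           template="RawOnly")
}
```

The second collector sees the relay as the network sender, so the host and time inside each message are whatever the originating device wrote and cannot be checked there. If the receiving side needs the true source address, it has to be carried separately, which is what the JSON format mentioned in the comments does.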

0 Answers