我们可以将日志转发到另一个系统日志服务器的TIBCO loglogic吗?
我们如何配置日志逻辑以读取RFC3164标题&从头部读取实际的源设备名称,而不是根据转发syslog数据包的源IP猜测源设备名称?
这是我们的设置:
设备A,B& C将其syslog发送到UNIX syslog服务器X。
服务器X又将日志转发到日志逻辑服务器。
我们需要日志逻辑服务器能够读取传入的日志标头,并了解系统日志真正适用于设备A,B和B。下进行。
当我们在我们的环境中尝试这个时,日志逻辑服务器假设所有传入的数据都是服务器X&无法理解数据来自设备A,B& C基于RFC3164标头
答案 0 :(得分:0)
After reviewing with tibco support, it looks like their appliance does not care much about RFC3164. We will have to use property based filtering. The log logic appliance also does not read the timestamp or the sender off the syslog header. The sender is based off the IP header & timestamp is dependent on when the log message reaches the server, not when it was actually created.