Is there any way we can forward a copy of received logs from Graylog server to SIEM tool without changing logs/events header[ie: actual source and destination].
I tried output plugins but none of them seems to be working, am I missing something here.
What format does your SIEM expect?
What headers do you mean specifically?
Which outputs (and which configuration) have you tried before and what was the result?