My Graylog server is listening on udp/514 through the rsyslog service.
Rsyslog transmits messages when it receives any messages.
And I do the replacement (letting ipaddress replace source) as in the picture below:
The issue is:
the messages’ [gl2_remote_ip] field will be replaced with RSYSLOG’s IP by RSYSLOG.
Well, that’s exactly what the gl2_remote_ip is supposed to contain: The IP address of the client from which Graylog received the message.
If the message was received from rsyslog, then gl2_remote_ip will contain the IP address of the rsyslog server.
Using a Syslog UDP or TCP input, on the other hand, will try to find the hostname contained in the actual syslog message and fill the source message field with it.
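The distinction drawn in the answer above, as an added example that is not part of the original thread and not Graylog's own code: a Python sketch that derives `gl2_remote_ip` from the packet's sender and `source` from the hostname inside the syslog message. The function name, the sample datagrams and the 192.0.2.x addresses are constructed for illustration, and two behaviours are assumptions: that the relay forwards the original header unchanged, and that `source` falls back to the sender address when no hostname is found.

```python
import re

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$", re.S)
# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (.*)$", re.S)

def to_fields(datagram: bytes, peer_ip: str) -> dict:
    """Build the two fields discussed in the thread from one received packet.

    gl2_remote_ip: always the socket peer, i.e. the host that sent the packet
                   to the collector (the relay, if there is one).
    source:        the HOSTNAME found inside the syslog message, which is
                   content written by the sender. Falling back to the peer
                   address when none is found is an assumption of this sketch.
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    host = None
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(text)
        if m:
            host = m.group(3)
            break
    if host in (None, "-"):  # "-" is the RFC 5424 nil value
        host = peer_ip
    return {"source": host, "gl2_remote_ip": peer_ip, "message": text}

# Constructed sample data (documentation address range, not real hosts).
CLIENT_IP = "192.0.2.10"   # device that originally produced the log line
RELAY_IP = "192.0.2.50"    # rsyslog host forwarding to the collector
BSD_LINE = b"<34>Oct 11 22:14:15 web01 sshd[411]: Failed password for root"
IETF_LINE = b"<165>1 2024-05-01T10:00:00Z fw01 kernel - - - link down"
NO_HEADER = b"plain text without a syslog header"

def demo() -> list:
    """Same log line sent directly and via the relay, plus two other formats."""
    return [
        to_fields(BSD_LINE, CLIENT_IP),   # direct: both fields point at the client
        to_fields(BSD_LINE, RELAY_IP),    # relayed: source kept, remote IP is the relay
        to_fields(IETF_LINE, RELAY_IP),
        to_fields(NO_HEADER, RELAY_IP),   # no hostname: source falls back to the peer
    ]

if __name__ == "__main__":
    for fields in demo():
        print(fields["source"], fields["gl2_remote_ip"])
```
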