Mr_Reyes
(John Reyes)
October 3, 2017, 1:58pm
1
Hey there
Is there a way to set the source in the syslog message to be the IP from which it arrived, and not the one the device enters as source?
I have a lot of devices that set their username as source, instead of their IP or hostname, which makes it very difficult to extrapolate the logs…
Before, I used NetXMS as syslog parser, and I could change it so…
jochen
(Jochen)
October 3, 2017, 4:36pm
2
Yes, you could copy the content of the “gl2_remote_ip” field (which contains the IP address of the client which sent the message to Graylog) into the “source” field using a Copy Input extractor or a pipeline rule (set_field()).
Mr_Reyes
(John Reyes)
October 3, 2017, 4:38pm
3
Thanks!
I'm new to Graylog, but I will give it a go
Mr_Reyes
(John Reyes)
October 3, 2017, 4:56pm
4
Hmmm, any pointers, or ref to the documentation?
Can't seem to figure out how to build the extractor (which field, and what type?)
jochen
(Jochen)
October 3, 2017, 4:58pm
5
I mentioned the field names and the Extractor type in my first post…
Mr_Reyes
(John Reyes)
October 4, 2017, 1:32pm
6
Hmmm, here is an example of the messages that cause the problems:
I don't see the gl2_remote_ip field? Or any other field I can extract the source IP from.
Sorry for sounding n00b, but I'm all new to Graylog
jochen
(Jochen)
October 4, 2017, 3:12pm
7
Fields prefixed with “gl2_” are hidden by default.
I’d recommend using a pipeline rule to overwrite the “source” field.
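A pipeline rule of the kind suggested in this thread could look like the following. This is an added example, not part of the original posts; the rule name and the `reported_source` field are hypothetical names chosen for illustration, and the rule is assumed to sit in a pipeline stage connected to the stream that receives these syslog messages.

```graylog
// Added example, not from the original thread.
// Assumption: "reported_source" is a hypothetical field name used to keep
// the value the device itself wrote into the syslog header.
rule "use sender IP as source"
when
  // Only act on messages where the input recorded the sender address.
  has_field("gl2_remote_ip")
then
  // Preserve what the device claimed as its source (e.g. a username),
  // so the original value is still available when reviewing the logs.
  set_field("reported_source", to_string($message.source));
  // Overwrite "source" with the address Graylog received the message from.
  set_field("source", to_string($message.gl2_remote_ip));
end
```

If the devices send through a syslog relay, `gl2_remote_ip` holds the relay's address rather than the originating device's.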