Sidecar + NXlog source IP

tywjohn · March 9, 2020, 10:09pm

This might be more of an NXlog question than Graylog but I figured I’d try my luck anyway.
I want to use Sidecar + NXlog with a UDP syslog input forwarding logs to Graylog with a GELF output. This is working but the source IP address as shown in Graylog is the IP address of the host running NXlog. I would like to obtain the source IP address of host sending the log to NXlog using an additional field in the GELF structure.
I know that Graylog has gl2_remote_ip and was hoping I could use something similar in NXlog and add it to the message that is sent to Graylog.
The reason I need to add the source IP to the message is because a lot of Cisco devices do no include their hostname in their messages.

Alternatively, if anyone has any other ideas on how I can forward syslog messages from a Windows host to a central Graylog instance I would love to hear it. I know we can use Graylog itself as a forwarder but we have a constraint that the syslog collector needs to be on a Windows server.

tywjohn · March 10, 2020, 12:53am

Solved this issue. NXlog uses a field $MessageSourceAddress which I included in the GELF output. Works perfectly.

system · March 24, 2020, 1:04am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Syslog device source IP Address Graylog Central (peer support)	8	2949	May 16, 2022
DHCP logging to Graylog - Via NXlog & Sidecar Graylog Central (peer support) sidecar	7	3683	December 12, 2017
Syslog output in sidecar nxlog configuration managed by graylog (version 2.x) Graylog Central (peer support) sidecar	1	757	April 15, 2019
Sidecar/ nxlog not forwarding Graylog Central (peer support) sidecar	5	1627	February 7, 2018
Nxlog file input Graylog Central (peer support) sidecar , nxlog , nodatanx	2	2586	April 12, 2018

Sidecar + NXlog source IP

Related topics