This might be more of an NXlog question than Graylog but I figured I’d try my luck anyway.
I want to use Sidecar + NXlog with a UDP syslog input forwarding logs to Graylog with a GELF output. This is working, but the source IP address as shown in Graylog is the IP address of the host running NXlog. I would like to obtain the source IP address of the host sending the log to NXlog using an additional field in the GELF structure.
I know that Graylog has gl2_remote_ip and was hoping I could use something similar in NXlog and add it to the message that is sent to Graylog.
The reason I need to add the source IP to the message is because a lot of Cisco devices do not include their hostname in their messages.
Alternatively, if anyone has any other ideas on how I can forward syslog messages from a Windows host to a central Graylog instance I would love to hear it. I know we can use Graylog itself as a forwarder but we have a constraint that the syslog collector needs to be on a Windows server.