Using the remote syslog plugin, is there a way to get the original syslog message - without the tag / hostname / timestamp ? #53
Description
When using the remote syslog plugin, it injects a new timestamp, a new tag (fluentd by default) and the hostname fields.
My understanding is as follows:
- the
timestampis for the time the event is forwarded by the Syslog Server to the Remote Syslog server - the
tagis fluentd, by default - the
hostnameis the syslog server forwarding the events to this Remote Syslog Server
Is there a way to strip / transform the record at the Remote Syslog Server ?
So for instance, I'd like to remove the fluentd tag. I'd like the timestamp and host to match what is in the body of the message.
Please refer to the screenshot below. I'd like to get rid of the items in red and use the items in green instead.
My config is as follows:
##########
# INPUTS #
##########
# udp syslog
<source>
@type syslog
<transport udp>
</transport>
bind 0.0.0.0
port 514
tag syslog
<parse>
@type none
message_format auto
with_priority true
</parse>
</source>
###########
# OUTPUTS #
###########
<match syslog**>
@type copy
<store>
@type file
path /var/log/td-agent/syslog
compress gzip
</store>
<store>
@type forward
<server>
host 192.168.0.2
port 514
</server>
</store>
<store>
@type remote_syslog
host 192.168.0.3
port 514
</store>
</match>
The output as received by Kiwi Syslog is as shown -
Any inputs / suggestions / recommendations are welcome.