Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.7.0
-
None
Description
When I use the syslog source to collect log from other hosts, my config like this
...
a1.sources.r1.host = 0.0.0.0
a1.sources.r1.ports = 5140
...
I'm using the "host" header to tell where the event come from.
However, when the syslog format is changed, the "host" header will miss.
In this sence, I couldn't tell where the event come from.
So I add a new config "ipHeader", it's similar to "portHeader" in Multiport Syslog TCP Source.
It can be used like this
...
a1.sources.r1.host = 0.0.0.0
a1.sources.r1.ports = 5140
a1.sources.r1.ipHeader = test_ip_header
...
Then I can get a header named "test_ip_header" in the event, the value is the ip of host which send this event.
