rsyslog parse syslog message and manipulate contents
Hello,
I have some devices that send syslog messages to an rsyslog server.
The syslog datagram is composed of a few headers, including syslog type, severity, mnemonic in addition to the syslog message.
The syslog message contains the sender's IP address (not hostname), and there is no way to reconfigure the device to send the hostname instead of the IP address.
Example of syslog message content:
Nov 24 12:53:24 10.10.10.10 00076 ports: port 3 is now on-line
I would like rsyslog to parse out the IP, do a DNS lookup and replace it with the DNS name before the log is written to file.
Desired output:
Nov 24 12:53:24 <hostname_from_dnslookup> 00076 ports: port 3 is now on-line
Has anyone done such a thing before, any tips/hints that can help me resolve this?
rsyslog is a must, as it is used for all our logging, and so is the desire to resolve before the log is written to file, as it is being ingested by another tool that needs hostnames rather than IPs.
Your help is much appreciated,
Thanks,
Simon.
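One way to do the rewrite asked about above, as an added example that is not part of the original post and not rsyslog's own code: a line filter that swaps the IP in the host field for its reverse-DNS name, caches lookups, and keeps the IP when the PTR answer is missing or contains characters that do not belong in a hostname. The names `make_rewriter` and `ptr_lookup` are hypothetical, and it assumes the line layout shown in the post and that rsyslog hands each line to an external program on stdin.

```python
import ipaddress
import re
import socket
import sys
from functools import lru_cache

# "Mmm dd hh:mm:ss <host-field> <rest>", the layout shown in the post.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
# PTR answers are controlled by whoever owns the reverse zone, so accept
# only plain hostname characters before writing the name into a log line.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9._-]{0,251}[A-Za-z0-9])?")


def ptr_lookup(ip):
    """Reverse-resolve ip through the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def make_rewriter(resolve=ptr_lookup, cache_size=4096):
    """Return rewrite(line) that swaps an IP host field for its DNS name."""
    # Failed lookups are cached too, so a dead PTR is not retried per line.
    cached = lru_cache(maxsize=cache_size)(resolve)

    def rewrite(line):
        m = LINE_RE.match(line)
        if not m:
            return line  # unknown layout: pass through untouched
        try:
            ip = str(ipaddress.ip_address(m["host"]))
        except ValueError:
            return line  # host field is already a name
        name = (cached(ip) or "").rstrip(".")
        if not SAFE_NAME_RE.fullmatch(name):
            return line  # no PTR or unsafe answer: keep the IP
        return f"{m['ts']} {name.lower()} {m['rest']}"

    return rewrite


if __name__ == "__main__":
    rewrite = make_rewriter()
    for raw in sys.stdin:  # one syslog line per input line
        print(rewrite(raw.rstrip("\n")), flush=True)
```

The cache never expires entries, so a long-running filter needs a restart or a TTL to pick up changed PTR records.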