Protocol | SysLog
Description | Send SysLog messages to Host on Port, where the SysLog priority, facility, process name, and process ID fields are assigned from standard event fields.
Comments | If Host is missing, blank or invalid, the sender is disabled. If Port is missing, blank or invalid, it is set to 514. Special XML characters are translated according to the XML character translation table.
<destination objectId="SysLogSndr1" type="SysLogSender" stdout="FS.DemoAlive">
  <parameter type="Host">errLogHost</parameter>
  <parameter type="Port">21033</parameter>
</destination>
Incoming ECS event XML:
Note: insert your destination Host parameter in ECA
(Use default port for syslog whenever possible.)
Input1:
<event xmlns:ev="http://www.eventgnosis.com/">
  <ev:host>Host</ev:host>
  <ev:app>App</ev:app>
  <ev:log>Log</ev:log>
  <ev:msg>2003-11-10 03:21:32.854</ev:msg>
  <ev:count>6</ev:count>
</event>
Syslog message sent (to host 192.169.0.3 on port 514) from 192.168.0.7
Resulting write to host/port:
{
  (hostname: 192.168.0.7)
  facility: syslog
  priority: info
  processName: ECS (not parametrized by ECA)
  timestamp: Nov 10 03:21:37
  message: 2003-11-10 03:21:32.854
}
Use Kiwi Syslog Daemon (a third-party tool) or just call SysLogDaemon.bat in the ev_home\scripts folder to start ice SyslogDaemon.
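To check on the receiving side that the facility, priority and process name arrive as listed in the resulting write above, the following added example (not EventGnosis code) rebuilds the datagram for the sample event and decodes it again. It assumes the sender uses BSD syslog (RFC 3164) framing, which this page does not state; the names `build`, `parse` and `SAMPLE` are hypothetical, and the page's "priority" is treated as the RFC 3164 severity.

```python
import re

# RFC 3164 names, indexed by numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
WIRE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<process>[^\s:\[\]]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<message>.*)", re.S)

def build(facility, severity, timestamp, host, process, message, pid=None):
    """Encode one datagram; PRI = facility code * 8 + severity code."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    tag = process if pid is None else f"{process}[{pid}]"
    return f"<{pri}>{timestamp} {host} {tag}: {message}".encode("ascii")

def parse(datagram):
    """Decode a received datagram, rejecting anything that is not well formed."""
    m = WIRE.fullmatch(datagram.decode("ascii", errors="replace"))
    if m is None:
        raise ValueError("not in RFC 3164 layout")
    facility, severity = divmod(int(m["pri"]), 8)
    if facility >= len(FACILITIES):
        raise ValueError("PRI out of range")
    fields = m.groupdict()
    fields.update(pri=int(m["pri"]), facility=FACILITIES[facility],
                  severity=SEVERITIES[severity])
    return fields

# Values from the sample event on this page; the wire layout is an assumption.
SAMPLE = build("syslog", "info", "Nov 10 03:21:37", "192.168.0.7", "ECS",
               "2003-11-10 03:21:32.854")

if __name__ == "__main__":
    print(SAMPLE.decode())
    print(parse(SAMPLE))
```

A capture from the receiving daemon can be passed to `parse` in place of `SAMPLE` to confirm the sender's field mapping.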