SysLog Sender-v2

Protocol

SysLog

Description

Send SysLog messages to Host on Port, where the SysLog priority, facility, process name, and process ID fields are assigned from standard event fields.

Comments

If Host is missing, blank or invalid, the sender is disabled.

If Port is missing, blank or invalid, it is set to 514.

Special XML characters are translated according to the XML character translation table.

Example

<destination objectId="SysLogSndr1" type="SysLogSender" stdout="FS.DemoAlive">
	<parameter type="Host">errLogHost</parameter>
	<parameter type="Port">21033</parameter>
</destination>

Event Mapping

Incoming ECS event XML:

Note: Insert your destination Host parameter in ECA.
(Use the default port for syslog whenever possible.)

Input1:


<event xmlns:ev="http://www.eventgnosis.com/">
	<ev:host>Host</ev:host>
	<ev:app>App</ev:app>
	<ev:log>Log</ev:log>
	<ev:msg>2003-11-10 03:21:32.854</ev:msg>
	<ev:count>6</ev:count>
</event>

Syslog message sent (to host 192.169.0.3 on port 514) from 192.168.0.7

Resulting write to host/port:

{
	(hostname: 192.168.0.7)
	facility: syslog
	priority: info
	processName: ECS (not parametrized by ECA)
	timestamp: Nov 10 03:21:37
	message: 2003-11-10 03:21:32.854
}

Use Kiwi Syslog Daemon (a third-party tool), or run SysLogDaemon.bat in the ev_home\scripts folder to start ice SyslogDaemon.
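The datagram behind the "Resulting write" above, together with the Host and Port rules from the Comments section, as an added example that is not EventGnosis code. It assumes the BSD syslog (RFC 3164) layout over UDP, which the page does not state; the function names are hypothetical, and flattening CR/LF in the message is an added assumption.

```python
import socket
import xml.etree.ElementTree as ET
from datetime import datetime

# Standard syslog facility and severity codes used to compute PRI.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
DEFAULT_PORT = 514
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def load_destination(xml_text):
    """Return (host, port) from a <destination>; host None means sender disabled."""
    params = {p.get("type"): (p.text or "").strip()
              for p in ET.fromstring(xml_text).findall("parameter")}
    host = params.get("Host") or None  # missing or blank Host disables the sender
    text = params.get("Port", "")
    valid = (text.isascii() and text.isdigit() and len(text) <= 5
             and 0 < int(text) < 65536)
    return host, int(text) if valid else DEFAULT_PORT  # bad Port falls back to 514


def build_packet(facility, severity, hostname, process, msg, when):
    """Format one datagram as <PRI>Mmm dd hh:mm:ss host tag: msg."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # Assumption: CR/LF in event text are flattened so one event stays one record.
    msg = msg.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>{stamp} {hostname} {process}: {msg}".encode("ascii", "replace")


def send(xml_text, packet):
    """Send over UDP; return False when Host is missing, blank or unresolvable."""
    host, port = load_destination(xml_text)
    if host is None:
        return False
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(packet, (host, port))
    except OSError:  # includes socket.gaierror for a Host that does not resolve
        return False
    return True


if __name__ == "__main__":
    # Values taken from the event mapping on this page.
    print(build_packet("syslog", "info", "192.168.0.7", "ECS",
                       "2003-11-10 03:21:32.854", datetime(2003, 11, 10, 3, 21, 37)))
```

Facility syslog (5) and priority info (6) combine into the leading `<46>` that a receiving daemon decodes back into the two fields shown in the resulting write.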