Forward Specific logs to another log destination

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
aholli
Posts: 2
Joined: Tue Feb 16, 2021 4:38 pm

Forward Specific logs to another log destination

Post by aholli »

Hello!

I found the article about forwarding all logs to another destination via outputs and the following:

udp {
  host => '192.168.1.190'
  port => '514'
}

My question is, instead of forwarding everything, how can I forward specific logs? For example, I have 10 log sources that I would like to specifically forward instead of everything. Can I do it by IP? Would I have to filter instead? I would prefer to do it by source IP in the output config. HELP!
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Forward Specific logs to another log destination

Post by ssax »

You can do it based on the value of one of the fields:

if [type] == 'palo_alto' {
  udp {
    host => 'X.X.X.X'
    port => '44444'
  }
}

if [type] == 'cisco' {
  udp {
    host => 'Y.Y.Y.Y'
    port => '44445'
  }
}
OR even by IP:

if [host] in ['A.A.A.A', 'B.B.B.B'] {
  udp {
    host => 'X.X.X.X'
    port => '44444'
  }
}

if [host] in ['C.C.C.C', 'D.D.D.D'] {
  udp {
    host => 'Y.Y.Y.Y'
    port => '44445'
  }
}
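One way to check that the conditional forwards only the intended sources, as an added example that is not part of the original thread: run this on the destination host and audit what arrives on the forward port. It assumes the udp output sends JSON-encoded events with the source address in the `host` field (as the `if [host] in [...]` conditional implies); the IP addresses and sample datagrams are constructed placeholders.

```python
import json
import socket
from collections import Counter

# Assumption: the source IPs listed in the `if [host] in [...]` conditional (constructed values).
ALLOWED_HOSTS = {"10.0.0.11", "10.0.0.12"}


def audit_datagrams(datagrams, allowed=ALLOWED_HOSTS):
    """Tally forwarded events per allowed host; collect events that should not have arrived."""
    seen = Counter()
    unexpected = []
    for raw in datagrams:
        try:
            event = json.loads(raw.decode("utf-8", errors="replace"))
            host = event.get("host") if isinstance(event, dict) else None
        except json.JSONDecodeError:
            host = None  # not JSON: the output is using a different codec
        if isinstance(host, str) and host in allowed:
            seen[host] += 1
        else:
            unexpected.append((host, raw[:80]))  # keep a short excerpt for review
    missing = sorted(set(allowed) - set(seen))  # allowed sources that sent nothing
    return {"seen": dict(seen), "unexpected": unexpected, "missing": missing}


def capture(bind_addr="0.0.0.0", port=44444, idle_seconds=30.0, max_events=1000):
    """Collect raw datagrams on the forward port until idle_seconds pass with no traffic."""
    datagrams = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(idle_seconds)
        try:
            while len(datagrams) < max_events:
                data, _peer = sock.recvfrom(65535)
                datagrams.append(data)
        except socket.timeout:
            pass
    return datagrams


# Constructed sample datagrams: one allowed source, one leaked source, one non-JSON line.
SAMPLE = [
    b'{"host":"10.0.0.11","type":"palo_alto","message":"TRAFFIC end"}',
    b'{"host":"10.0.0.99","type":"syslog","message":"sshd: session opened"}',
    b'<13>Feb 16 16:38:00 fw1 plain syslog line',
]

if __name__ == "__main__":
    print(audit_datagrams(SAMPLE))  # on the live receiver: audit_datagrams(capture())
```

Any entry under `unexpected` means the conditional is wider than intended or the output is not wrapped in it; entries under `missing` mean an expected source matched nothing, often because `host` holds a hostname rather than an IP.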
aholli
Posts: 2
Joined: Tue Feb 16, 2021 4:38 pm

Re: Forward Specific logs to another log destination

Post by aholli »

I will try these out! Thank you!
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Forward Specific logs to another log destination

Post by ssax »

No problem, glad to help! Let us know if you have any related questions or when we're okay to lock this up and mark it as resolved.

Thank you!