> I have an rsyslog forwarder (RHEL 7.9) that is forwarding syslog and CEF
> messages to Azure Sentinel, now using AMA. What happens is that when CEF
> messages are forwarded, they appear in Sentinel twice, once in the syslog
> table and then in the common security, which creates duplicates. It's not
> possible to change client config; too many devices and appliances.
> My question is: can I change the facility of incoming syslogs on the
> forwarding server?
>
> Other question is whether I can change syslog messages to CEF format on
> the forwarder?

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog