> I have an rsyslog forwarder (RHEL 7.9) that is forwarding syslog and CEF
> messages to Azure Sentinel, now using AMA. What happens is that when CEF messages
> are forwarded, they appear in Sentinel twice: once in the syslog table and
> then in the common security, which creates duplicates. It’s not possible
you need to craft a template with a fixed facility you want. That's
the part inside the template. See RFC5424 for how to calculate it
(yes, it should be easier, but it's a pretty uncommon request and this
is right now the only way to do it).
HTH
Rainer
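
The PRI calculation from RFC 5424 that the reply refers to, as an added Python example that is not part of the original thread or of rsyslog itself. It goes slightly beyond the reply by also decoding a PRI and rewriting the facility of a single line; the facility `local4`, the template name `CefFixedFacility` and the sample CEF line are assumptions made for illustration.

```python
import re

# RFC 5424, section 6.2.1: PRI = facility * 8 + severity
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16, "local4": 20}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(r"^<(\d{1,3})>")
# Body of rsyslog's RSYSLOG_TraditionalForwardFormat without its leading <%PRI%>
FORWARD_BODY = "%TIMESTAMP% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"

def encode_pri(facility, severity):
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23, severity 0-7")
    return facility * 8 + severity

def decode_pri(pri):
    if not 0 <= pri <= 191:
        raise ValueError("PRI must be 0-191")
    return divmod(pri, 8)  # (facility, severity)

def force_facility(line, facility):
    """Rewrite the facility of one syslog line, keeping its severity."""
    m = PRI_RE.match(line)
    if m is None:
        raise ValueError("line has no <PRI> header")
    _, severity = decode_pri(int(m.group(1)))
    return "<%d>%s" % (encode_pri(facility, severity), line[m.end():])

def fixed_pri_template(name, facility, severity):
    """Build an rsyslog string template whose PRI is a constant.
    A literal PRI pins the severity as well as the facility."""
    pri = encode_pri(facility, severity)
    return 'template(name="%s" type="string" string="<%d>%s")' % (name, pri, FORWARD_BODY)

# Constructed sample: a CEF event received as local0.info (16 * 8 + 6 = 134)
SAMPLE = ("<134>Mar 24 13:21:00 fw01 CEF:0|ExampleVendor|ExampleProduct"
          "|1.0|100|test event|5|src=192.0.2.10")

if __name__ == "__main__":
    print(decode_pri(134))
    print(force_facility(SAMPLE, FACILITY["local4"]))
    print(fixed_pri_template("CefFixedFacility", FACILITY["local4"], SEVERITY["info"]))
```
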
On Sun, 24 Mar 2024 at 13:21, Steven Br