
Can we forward logs to TIBCO LogLogic from another syslog server?



How do we configure log logic to read the RFC3164 header & read the actual source device name from the header rather than guessing the source device name based on the source IP from where the syslog packet was forwarded?

This is our setup:

Device A, B & C send their syslogs to a UNIX syslog server X.

Server X in turn forwards logs to the log logic server.

We need the log logic server to be able to read the incoming log headers and understand that the syslogs are really for devices A, B & C.

When we tried this in our environment, the log logic server assumed that all the incoming data was from server X & could not understand that the data was from device A, B & C based on the RFC3164 header.


Solution

  • After reviewing with TIBCO support, it looks like their appliance does not care much about RFC3164. We will have to use property-based filtering. The log logic appliance also does not read the timestamp or the sender off the syslog header. The sender is based off the IP header & timestamp is dependent on when the log message reaches the server, not when it was actually created.
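The difference between attributing relayed messages by IP header and by RFC 3164 header, as an added Python example that is not from the original post and is not LogLogic configuration. The relay address, device names and log lines are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def attribute(peer_ip, raw):
    """Work out the origin of one datagram received from peer_ip."""
    m = HEADER.match(raw)
    if not m or int(m["pri"]) > 191:
        # No usable header: the IP header is all there is to go on.
        return {"origin": peer_ip, "from_header": False,
                "timestamp": None, "relay": peer_ip, "msg": raw}
    pri = int(m["pri"])
    # HOSTNAME and TIMESTAMP are sender-supplied and unauthenticated, so
    # keep the relay IP alongside them instead of replacing it.
    return {"origin": m["host"], "from_header": True, "timestamp": m["ts"],
            "facility": pri >> 3, "severity": pri & 7,
            "relay": peer_ip, "msg": m["msg"]}

RELAY_X = "192.0.2.10"  # constructed address standing in for server X
SAMPLE = [  # constructed messages as they would arrive from server X
    (RELAY_X, "<34>Oct 11 22:14:15 deviceA su: 'su root' failed for user1"),
    (RELAY_X, "<13>Oct 11 22:14:16 deviceB sshd[411]: Accepted publickey for ops"),
    (RELAY_X, "<165>Oct  1 03:02:09 deviceC kernel: link eth0 down"),
    (RELAY_X, "message with no RFC 3164 header"),
]

def count_by_peer(packets):
    """Attribution by IP header only: everything collapses onto the relay."""
    return Counter(ip for ip, _ in packets)

def count_by_origin(packets):
    """Attribution by header HOSTNAME, falling back to the peer IP."""
    return Counter(attribute(ip, raw)["origin"] for ip, raw in packets)

if __name__ == "__main__":
    print("by IP header:  ", dict(count_by_peer(SAMPLE)))
    print("by RFC 3164:   ", dict(count_by_origin(SAMPLE)))
```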