Hello,
Is there a way in the event console to match an event to a host that is not the original origin of the created event? Right now we use an IDS system to generate log entries when suspicious activities take place in the network. Then an rsyslog server passes these logs to the event console to process them. The matching with keywords works perfectly, but is there a way to assign these events to another host? The goal is to have an overview with NagVis that displays all security issues on a map, but if all events happen on one single host, this really won’t work. Does anyone have any ideas how to solve this issue?
Greetings & thanks in advance!