Pass eventlog event to another host, that is not the origin of the created event

Hello,

Is there a way in the event console to match an event to a host that is not the original origin of the created event? Right now we use an IDS system to generate log entries when suspicious activities take place in the network. Then an rsyslog server passes these logs to the event console to process them. The matching with keywords works perfectly, but is there a way to assign these events to another host? The goal is to have an overview with NagVis that displays all security issues on a map, but if all events happen on one single host, this really won’t work. Does anyone have any ideas how to solve this issue?

Greetings & thanks in advance!

Inside your event console rules you can also rewrite the host name.
Will this work with your messages?

Hey, is this happening before CMK matches the hostname? Then it could work. I will test it later.
