Hello everyone!
I have a little problem with our Pulse Secure appliance's syslog format. Actually, I use WELF to send the logs to my syslog servers (and everything works, I can see all the logs, ...), but at the beginning of the log format, I want to replace the IP of my appliance with my hostname.
So, to visualise, right now I get this:
Jan 10 10:10:10 XXX.XXX.XXX.XXX 2020-10-10T10:10:10+1:00 myappliancename.mycompagny.example PulseSecure: - - - - 2020-10-10 10:10:10 - myappliancename - [XXX.XXX.XXX.XXX] .......
And I want to have this:
Jan 10 10:10:10 myappliancename 2020-10-10T10:10:10+1:00 myappliancename.mycompagny.example PulseSecure: - - - - 2020-10-10 10:10:10 - myappliancename - [XXX.XXX.XXX.XXX] .......
I tried to change the log format (standard, WELF, custom), but only the message part of the log changes, not this "beginning" thing.
TL;DR: In the log structure, I want to change the IP to the hostname of my appliance.
Thanks for your help,
Hi, I tried to use the default filter: `%data% %time% - %node% - [%sourceip%] %user% (%realm%) [%role%] - %msg%`, but this affects only the "message" part of the log, not the first part, as I said in my first post.
I have indeed set the host name in System > Network > Overview.
Thank you for confirming. What version are you using? I did a quick check and my default is showing that field as the name.
If you are not currently in a cluster, can you create a cluster of one node? The `node name` should be what is shown in the syslog output. If you are not seeing that, I would recommend opening a case with our support team.
Hi, our version is 9.1R1. We are already using a cluster (of two units).
I'll try to reach out to support and see if they can help me.
Thanks for your help.