
Edit Syslog structure

New Contributor


Hello everyone!

I have a little problem with our Pulse Secure appliance's Syslog format. Actually, I use WELF to send the logs to my Syslog servers (and everything works, I can see all the logs, ...), but at the beginning of the log format, I want to replace the IP of my appliance with my hostname.

So, to visualise, I currently get this:

Jan 10 10:10:10 XXX.XXX.XXX.XXX 2020-10-10T10:10:10+1:00 myappliancename.mycompagny.example PulseSecure: - - - - 2020-10-10 10:10:10 - myappliancename - [XXX.XXX.XXX.XXX] .......

 

And I want to have this:

Jan 10 10:10:10 myappliancename 2020-10-10T10:10:10+1:00 myappliancename.mycompagny.example PulseSecure: - - - - 2020-10-10 10:10:10 - myappliancename - [XXX.XXX.XXX.XXX] .......

 

I tried changing the log format (standard, WELF, custom), but only the message part of the log changes, not this "beginning" part.

TL;DR: In the log structure, I want to change the IP to the hostname of my appliance.

 

Thanks for your help,

 

Moderator

Re: Edit Syslog structure

I'm not sure that can be done; what does the filter you created look like? Do you have a hostname configured at System > Network > Overview?
New Contributor

Re: Edit Syslog structure

Hi, I tried to use the default filter: %data% %time% - %node% - [%sourceip%] %user% (%realm%) [%role%] - %msg%, but this affects only the "message" part of the log, not the first part, as I said in my first post.

I have indeed set the host name in System > Network > Overview.

Moderator

Re: Edit Syslog structure

 

Thank you for confirming. What version are you using? I did a quick check and my default is showing that field as the name I've

If you are not currently in a cluster, can you create a cluster of one node? The `node name` should be what is shown in the syslog output. If you are not seeing that, I would recommend opening a case with our support team.

 

New Contributor

Re: Edit Syslog structure

Hi, our version is 9.1R1. We are already using a cluster (of two units).

I'll try to reach out to support and see if they can help me.

 

Thanks for your help

Moderator

Re: Edit Syslog structure

You are welcome; I am sorry to hear it is not working as expected and as seen in our testing here. I hope your case with support shows a successful resolution.
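
Added example (not part of the thread and not Pulse Secure code): one way to get the header shown in the question by rewriting it on the collector side, so that per-host log routing and detection rules key on a stable name rather than an address. The function name `rewrite_header_host`, the regular expression, and the sample line (documentation-range addresses, `example.test` domain) are constructed for illustration and assume the line layout quoted in the first post.

```python
import ipaddress
import re

# Constructed sample modelled on the layout quoted in the thread.
SAMPLE = ("Jan 10 10:10:10 192.0.2.10 2020-10-10T10:10:10+01:00 "
          "myappliancename.example.test PulseSecure: - - - - "
          "2020-10-10 10:10:10 - myappliancename - [198.51.100.7] "
          "user1(Users)[Role] - Login succeeded")

# Outer header (timestamp + host), then the inner header carrying the FQDN.
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<rest>(?P<iso>\d{4}-\d{2}-\d{2}T\S+) (?P<fqdn>\S+) PulseSecure: .*)$"
)


def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def rewrite_header_host(line, short=True):
    """Replace an IP in the outer host field with the name from the inner
    header. Lines that do not match the layout are returned unchanged."""
    m = HEADER.match(line)
    if not m or not is_ip(m["host"]):
        return line  # already a name, or not a line in this layout
    name = m["fqdn"]
    # Only accept a plain DNS-style name; never copy odd bytes into the header.
    if is_ip(name) or not re.fullmatch(r"[A-Za-z0-9.-]+", name):
        return line
    if short:
        name = name.split(".", 1)[0]  # short host name, as in the question
    return f"{m['ts']} {name} {m['rest']}"


if __name__ == "__main__":
    print(rewrite_header_host(SAMPLE))
```

The message part after the host field is passed through untouched, so the source address in brackets and the original timestamps remain available for investigation.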