Parse correct device.ip from forwarded logs

Question asked by Kevin Hraybi on Jan 9, 2017
Latest reply on Feb 7, 2018 by Anuj Shrivastava



I already took a look at How to override "device.ip" meta with the right one? 

We're using TCP Syslog for security and regulatory reasons; we can't spoof the source IP.


We're using Balabit log forwarders to forward a huge quantity of logs into our VLCs. "Device.ip" is getting populated with the IPs of the log forwarders, which is causing a lot of problems.


Has anybody found a solution for this?


Thank you