Scenario 5: Appending the inbound syslog tag to the outbound Devo tag
- Juan Tomás Alonso Nieto (Deactivated)
The syslog tag component, when used, can be a very useful way of classifying the events generated by a single data source. The Is prefix option was designed for this purpose - when selected, the value entered in the Target tag field is considered a prefix to which the inbound syslog tag is appended.
Create the rule
Identify the Source port on which the relay will receive the inbound events. As always, it is a best practice to dedicate a single port to a single event source.
In the Target tag field, enter the root tag to which the syslog tag should be appended. Do not enter a dot after the final level of the root tag.
Take for example...
All VMware ESXi events are assigned a syslog tag that corresponds to the ESXi log file name. This makes the syslog tag a handy way to subclassify the events received by the relay. Below you can see that for this rule, you simply identify the port on which these events will be received, specify the root of the Devo tag, and select the Is prefix checkbox. All events received on port 13005 will be assigned the tag box.vmware.esx.syslogtag.
To learn about the fields in the relay rule form, check out the Defining a relay rule article.