Many users have the envisalink in a different subnet. This is one way to get the syslog out of there and do whatever you want with it.
Start a Linux box, a Raspberry Pi, a VM, or whatever in the subnet your envisalink shares
Install rsyslog
Code:
apt install rsyslog
Code:
yum install rsyslog
Then edit the configuration file for rsyslog
Code:
sudo vi /etc/rsyslog.conf
Code:
module(load="imudp")
input(type="imudp" port="514")
Code:
*.* @remotesysloghost:port
Code:
*.* @logs5.papertrailapp.com:26587
Code:
firewall-cmd --zone=public --add-port=514/udp --permanent
firewall-cmd --reload
Code:
systemctl restart rsyslog
Code:
systemctl status rsyslog
Code:
:msg, contains, "some_string_in_a_message_i_dont_want_to_send" stop
*.* @logs5.papertrailapp.com:26587
Code:
:msg, contains, "some_interesting_msg" @logs5.papertrailapp.com:26587
You can use various rules and regex here to get it just right.
Point the envisalink syslog to this host. It will catch all the syslog messages and ship them to your remote destination.
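The fragments above combined into one drop-in file, as an added example that is not part of the original post. It goes one step further than the post by binding the UDP listener to its own ruleset, so only messages received from the envisalink are forwarded and the relay host's own logs stay local. The file name and the ruleset name `envisalink_relay` are assumptions; the destination and filter string are the ones used in the post.

```conf
# /etc/rsyslog.d/envisalink.conf  (hypothetical file name; added example)
# Use this in place of the separate imudp and "*.* @host:port" lines, not
# in addition to them, or UDP port 514 is configured twice.

module(load="imudp")

# Rules inside this ruleset apply only to messages that arrive on the UDP
# listener bound to it below. The relay host's own logs (auth, cron, kernel)
# stay in the default ruleset and are not shipped to the remote service.
ruleset(name="envisalink_relay") {
    # Drop unwanted messages first. "stop" ends processing for that message,
    # so it has to come before the forwarding action.
    if $msg contains "some_string_in_a_message_i_dont_want_to_send" then stop

    # Same destination as "*.* @logs5.papertrailapp.com:26587".
    # protocol="udp" matches the single "@": unencrypted and best effort.
    action(type="omfwd"
           target="logs5.papertrailapp.com"
           port="26587"
           protocol="udp")
}

# Listen for the envisalink's syslog datagrams and hand them to the ruleset.
# The ruleset must be defined before the input that references it.
input(type="imudp" port="514" ruleset="envisalink_relay")
```

Check the syntax with `rsyslogd -N1` before restarting the service.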