cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AIX log ingestion issue

ackmysyn
New Contributor

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

‎Mar 24 2021 10:19 AM - edited ‎Mar 24 2021 10:45 AM

AIX log ingestion issue

I am sending AIX logs to a central rsyslog server and using the Syslog Connector to pull the logs into Azure Sentinel. The ComputerName field is populating as `Message` and not the actual hostname or IP of the system. Anyone have thoughts on how to fix this?

586 Views
0 Likes
1 Reply
Reply
1 Reply
ackmysyn

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

‎Mar 24 2021 11:46 AM - edited ‎Mar 24 2021 11:52 AM

Re: AIX log ingestion issue

Long story short, AIX adds a "Message forwarded by $hostname" string. You have to start syslogd on AIX with the flags:

startsrc -a -n -s syslogd

0 Likes
Reply