Differentiate 'syslog' messages from a certain device (syslog hostname).

Article ID: 274896

Products

ISG Proxy, ProxySG Software - SGOS, SG-VA

Issue/Introduction

We are sending 'syslog' messages from multiple EdgeSWG devices to one 'syslog' server. We need to differentiate the messages coming from different Proxies.

Resolution

Version 7.3.15 introduced the 'syslog hostname' command shown below. After you specify the 'syslog hostname', the appliance should include that hostname in every 'syslog' message it sends out. You should then be able to differentiate the messages coming from a certain device based on the 'syslog hostname' in the message header.

Set a Hostname for the Syslog

You can now set a hostname for the syslog by using the following CLI command:
#(config event-log) syslog hostname hostname

Version 7.3.16 introduced an additional format for syslog. The new format makes the syslog messages clearer, because the RFC 3164 message header does not contain the year or the time zone.

Support for Additional Format in Syslog

Previously, the ProxySG appliance sent syslog messages in RFC 3164 format. In this release, support for the RFC 5424 format has been added. This format includes the more detailed RFC 3339 timestamp, as well as additional fields before the message (appname, procID, msgID, structureddata).

A new configuration command is available under the event-log command to allow you to select the syslog format:
#(config event-log) syslog format { rfc3164 | rfc5424 }
• The setting for the syslog format is visible in > show event-log [configuration] and # show configuration.
• The default setting is rfc3164.
• The event-log syslog format only affects the format sent using the syslog protocol. It does not affect the format or timestamp of event logs viewed by any other means.
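
On the receiving syslog server, the hostname set above can be read from the header of either format. The following is an added example, not code from the article or from the product: a small parser that attributes each message to its sending device. The sample lines, the hostnames `proxy-dc1` and `proxy-dc2`, and the `ProxySG` tag are constructed for illustration and are not captured appliance output.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no year, no time zone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<rest>.*)$", re.S)

def parse_header(line):
    """Return (format, hostname, timestamp), or None if no header matches."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m:
            host = m.group("host")
            # RFC 5424 uses "-" (NILVALUE) when the sender gives no hostname.
            return name, (None if host == "-" else host), m.group("ts")
    return None

def count_by_host(lines):
    """Count messages per sending device; unparsable or host-less lines
    are grouped under 'unattributed' so they are not silently dropped."""
    counts = Counter()
    for line in lines:
        parsed = parse_header(line)
        counts[parsed[1] if parsed and parsed[1] else "unattributed"] += 1
    return counts

# Constructed sample input (hypothetical hostnames and message text).
SAMPLES = [
    "<134>Mar  4 10:15:02 proxy-dc1 ProxySG: sample event A",
    "<134>1 2024-03-04T10:15:03.120Z proxy-dc2 ProxySG - - - sample event B",
    "<134>1 2024-03-04T10:15:04+01:00 - ProxySG - - - sample event C",
    "not a syslog line",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_header(line))
    print(dict(count_by_host(SAMPLES)))
```

The hostname in the header is supplied by the sender, so where attribution matters, compare it with the source address the syslog server records for the connection or datagram.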