Barnyard2 2.1.13 sending alerts to remote syslog server.

[jdpadro]

I entered the following string into my conf file;

output alert_syslog_full: sensor_name lrc-eno2, server syslog.xxx.xxxx.xxx, protocol tcp, port 514, log_priority log_alert, operation_mode default

The strig works great with the exception of the MSGHDR which typically has a value of "snort" to identify it as a snort alert. I use this to filter it into an Index on our centralized syslog server to enhane searching. With this said, I am hoping that someone knows how to add a custom field that will export from Barnyard so that I can tag it as "snort"

Thank you