Since I started I've been sending network logs as local3.
Those syslog are being sent from appliances so the configuration options are very limited, they're also of various quality.
Unfortunately today other systems (cloudcontrol) started to send log to local3 as well. Making network dashboard much more difficult to use.
I was wondering if there was a way to identify network logs uniquely, eg at the ingestion point. So this issue stops and doesn't happen again.
Other option is to declare local3 as network only and prevent anyone else to use it for other purposes.