26 Oct 2004, 10:19 p.m.
I have three syslog machines. One sits in the DMZ and sends only. One sits on the LAN, receives traffic only and is our centralized syslog host. The 3rd sits between the above two, and its duty is to resend incoming DMZ syslog traffic to the LAN server.

My problem is that all packets being sent from the DMZ are being shown on the LAN server as being from the middle box. When I inspect the packet on the LAN machine, I see the original machine's hostname is mentioned in the packet, but that hostname is ultimately ignored. My old firewall proxy solution just UDP tunneled the DMZ syslog; therefore, no resending happened.

Help and thanks,
Mark
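The attribution choice described in the post, sketched as an added example (not code from the post or from any syslog daemon): a receiver can log a datagram under the UDP source address or under the HOSTNAME field carried in a BSD-syslog (RFC 3164) header. The function name, the relay address, the host name `dmzhost1` and the sample datagram are all constructed assumptions.

```python
import re

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.S,
)

# Constructed sample values (documentation address ranges, hypothetical names).
RELAY_IP = "192.0.2.10"
SAMPLE = b"<38>Oct 26 22:19:03 dmzhost1 sshd[412]: Failed password for root\n"


def attribute(datagram: bytes, peer_ip: str, trusted_relays: set) -> dict:
    """Decide which host a received syslog datagram is logged under.

    peer_ip is the UDP source address the receiving socket reports.
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = RFC3164.match(text)
    if m is None or int(m["pri"]) > 191:  # 191 = highest valid PRI (23*8+7)
        # No parsable header: the source address is all there is.
        return {"origin": peer_ip, "via": None, "claimed": None, "msg": text}
    if peer_ip in trusted_relays:
        # Forwarded by a known relay: keep the embedded HOSTNAME as origin
        # and record the relay separately so the hop is not lost.
        return {"origin": m["host"], "via": peer_ip,
                "claimed": m["host"], "msg": m["msg"]}
    # Direct sender: the HOSTNAME field is unauthenticated over UDP, so the
    # source address stays authoritative and the claim is kept for review.
    return {"origin": peer_ip, "via": None,
            "claimed": m["host"], "msg": m["msg"]}


if __name__ == "__main__":
    print(attribute(SAMPLE, RELAY_IP, {RELAY_IP}))
    print(attribute(SAMPLE, "203.0.113.5", {RELAY_IP}))
```

Trusting the embedded hostname only for datagrams arriving from listed relays keeps an arbitrary sender from writing log entries under another machine's name.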