It seems f5 (and akamai) can send the ip address as IP option 28 by overloading its meaning. This could be added to syslog-ng as well.

On Thu, Aug 6, 2020, 21:28 Balazs Scheidler <bazsi77@gmail.com> wrote:
X-Forwarded-For is an http header, so not applicable to syslog-ng.

If there's indeed a tcp option that would be doable, do you have a documentation about that?

Also, f5 would not really do load balancing as it assumes that there are many, short lived connections, whereas syslog is a long term connection.

All an f5 is doing is monitoring the nodes and react if one of them fails.

On Thu, Aug 6, 2020, 17:21 Peter Griggs <peter@petergriggs.co.uk> wrote:

Hello

 

Does anyone have any experience of syslog-ng behind F5 load balancer and preserving source IP address? The F5 can put the X-Forwarding header or TCP Options value but I don't believe syslog-ng can understand either of these - Am I wrong? If I am then I am assuming I can have a filter that overwrites $HOST with the value of X-Forwarding or TCP Options.

 

Any help appreciated.

 

Thanks

Peter.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq