I am running syslog-ng 1.6.8 on Solaris 9. I recompiled with the --enable-spoof-source configure option.

 

Here is my config:

 

destination d_squelch_acl { udp("10.159.234.52" port(514) spoof_source(yes)); };

filter f_squelch_acl { match("list squelch denied"); };

log { source(net); filter(f_squelch_acl); destination(d_squelch_acl);};

source net { udp(); };

 

 

If I start syslog-ng without spoof_source(yes) option, all messages matching are forwarded to the machine in the destination. If I change to spoof_source(yes) nothing gets forwarded at all. I do not get any errors when I start syslog-ng, like "spoof-source support not compiled in" which I get on other boxes I have not recompiled on yet.

 

Any ideas?

 

Chance