I have seen a number of queries on a number of lists with regard to sending the source IP address of messages that are forwarded from a syslog-ng server.
I have found a solution!
You need to do the following:
Enter the option --enable-spoof-source when running ./configure (This requires libnet, use RPM for RedHat)
'make' and 'make install' syslog-ng
In your syslog-ng config add the spoof-source(yes) option to your destination (UDP only)
e.g. destination log_host { udp("10.0.0.1" port(514) spoof_source(yes)); };
On a syslogd server (Solaris, Standard *nix) you should see the originating host IP after the timestamp.
Hope this helps.
--
Michael Gehrmann
Security Administrator
CITEC
www.citec.com.au, Your business solutions partner
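
A check for the receiving side of the setup described in the message above, added here as an example and not part of the original post: it reads lines from the log host's file and reports which host field follows the timestamp, so you can confirm that forwarded messages carry the originating address instead of the relay's. The relay names, addresses and log lines are constructed sample values, and the line layout assumed is the classic `Mmm dd hh:mm:ss host message` format written by syslogd.

```python
import re
from collections import Counter

# Classic syslogd file line: "Mmm dd hh:mm:ss host message" (day is space-padded).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)

def host_field(line):
    """Return the host field that follows the timestamp, or None if unparsable."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.group("host") if m else None

def check_spoofing(lines, relay_names):
    """Count lines per host and collect the lines still attributed to the relay.

    Lines attributed to the relay are expected only for the relay's own local
    messages; forwarded messages showing up there mean the source address was
    not preserved (spoof_source not active, or not a UDP destination).
    """
    relay_names = {n.lower() for n in relay_names}
    seen, from_relay, unparsed = Counter(), [], []
    for line in lines:
        host = host_field(line)
        if host is None:
            unparsed.append(line)  # e.g. "last message repeated N times"
            continue
        seen[host] += 1
        if host.lower() in relay_names:
            from_relay.append(line)
    return seen, from_relay, unparsed

# Constructed sample: the relay is assumed to be 10.0.0.5 / relay01.
RELAY = {"10.0.0.5", "relay01"}
SAMPLE = [
    "Mar  3 09:15:02 192.168.20.11 sshd[2211]: Accepted publickey for admin",
    "Mar  3 09:15:07 192.168.20.12 su: 'su root' succeeded for admin",
    "Mar  3 09:15:09 10.0.0.5 sshd[990]: Accepted publickey for admin",
    "Mar 13 10:01:44 relay01 kernel: eth0: link up",
    "last message repeated 2 times",
]

if __name__ == "__main__":
    seen, from_relay, unparsed = check_spoofing(SAMPLE, RELAY)
    for host, count in seen.most_common():
        print(f"{host:<16} {count}")
    print(f"attributed to relay: {len(from_relay)}  unparsed: {len(unparsed)}")
    for line in from_relay:
        print("  relay>", line)
```

If forwarded traffic never appears under the originating addresses, also check that packets with a foreign source address are not being dropped between the relay and the log host, for example by reverse-path filtering.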