Great idea, but running in stealth mode isn't a function of syslog-ng,
it's a function of a network capture tool such as tcpdump or ngrep. Use
these tools (or something like them) to capture the traffic and perhaps
dump the syslog contents to a file (need to do a little scripting here
perhaps, though not much) and have syslog-ng read from that file.<br><br><div><span class="gmail_quote">On 9/13/05, <b class="gmail_sendername">Albretch Mueller</b> &lt;<a href="mailto:lbrtchx@hotmail.com">lbrtchx@hotmail.com
</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi *,<br><br>I would like for system logs like the ones produced by the kernel, iptable
<br>(generally in /var/log/syslog), as well as anyother applications running in<br>a Linux-based router to be processed by an ng-syslog client and just popped<br>as UDP packets<br><br>I looked into <a href="http://www.campin.net/syslog-ng/faq.html">
http://www.campin.net/syslog-ng/faq.html</a> and couldn't see any<br>particular info on this specifically and I also search<br><a href="http://marc.theaimsgroup.com/?l=syslog-ng">http://marc.theaimsgroup.com/?l=syslog-ng</a>
 for 'stealth' and didn't get any<br>hits (a search on 'UDP' would dump millions of hits on you ;-))<br><br>How could you do something like that?<br><br>Thanks<br>Albretch<br><br><br>_______________________________________________
<br>syslog-ng maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
<br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>