On Wed, Oct 30, 2002 at 03:44:07PM -0500, Hamilton, Andrew wrote:
Hi all
I'm designing a solution where I need to forward syslog messages to 2 different servers (Cisco Works and a log correlation system). The messages will be sent from Cisco routers and PIXes to a box running syslog-ng that will forward the messages to the servers according to the facility and levels defined on filters.
My question regards the origin of the messages as they will be seen by the end servers. Since both Cisco Works and the log correlation engine rely on the source IP to acknowledge and trigger alarms, will they see the syslog-ng box IP or the original IP address of the routers and PIXes? In other words will syslog-ng spoof the source IP addresses when forwarding the messages?
The IP will not be spoofed, though the message sent by syslog-ng may contain the hostname you are interested in as Drew wrote. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1