RE: [syslog-ng]Syslog forwarding
Fernando,

I did the very same thing you are doing for several years. syslog-ng is perfect for that in that it will allow you to configure both ways. It will spoof the name or it will leave the name. By setting various options you can get a combination of the two even.

Look at keep_hostname(yes); this tells syslog-ng to keep the hostname it got from the message. Also use_fqdn(yes); fqdn is important if you have multiple domains with the same hostname in different domains such as ns1. Also chain_hostnames(no); syslog-ng will chain the hostnames together if you don't turn this off. For CiscoWorks you want to turn this off.

Realize also that if you have a central loghost that is different from the CiscoWorks machine you must also run syslog-ng on that host as well.

Regards,
Drew

-----Original Message-----
From: Fernando Cardoso [mailto:fernando.cardoso@whatevernet.com]
Sent: Wednesday, October 30, 2002 3:32 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]Syslog forwarding

Hi all

I'm designing a solution where I need to forward syslog messages to 2 different servers (Cisco Works and a log correlation system). The messages will be sent from Cisco routers and PIXes to a box running syslog-ng that will forward the messages to the servers according to the facility and levels defined on filters.

My question regards the origin of the messages as they will be seen by the end servers. Since both Cisco Works and the log correlation engine rely on the source IP to acknowledge and trigger alarms, will they see the syslog-ng box IP or the original IP address of the routers and PIXes? In other words will syslog-ng spoof the source IP addresses when forwarding the messages?

Thanks in advance

Fernando
On Wed, Oct 30, 2002 at 03:44:07PM -0500, Hamilton, Andrew wrote:
Hi all
I'm designing a solution where I need to forward syslog messages to 2 different servers (Cisco Works and a log correlation system). The messages will be sent from Cisco routers and PIXes to a box running syslog-ng that will forward the messages to the servers according to the facility and levels defined on filters.
My question regards the origin of the messages as they will be seen by the end servers. Since both Cisco Works and the log correlation engine rely on the source IP to acknowledge and trigger alarms, will they see the syslog-ng box IP or the original IP address of the routers and PIXes? In other words will syslog-ng spoof the source IP addresses when forwarding the messages?
The IP will not be spoofed, though the message sent by syslog-ng may contain the hostname you are interested in as Drew wrote.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
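
The relay discussed in this thread, as an added example configuration that is not part of either reply and is not taken from the syslog-ng project: it uses the three options Drew names and forwards by facility and level to two servers. The listening address, the destination addresses (documentation range 192.0.2.0/24), the facility and level choices and all object names (s_net, f_*, d_*) are assumptions; newer syslog-ng releases also expect an `@version:` line at the top of the file.

```conf
# Added example: syslog-ng relay for Cisco routers/PIXes -> two servers.
# Addresses, filters and object names are assumed placeholders.

options {
    # Keep the hostname found in the received message instead of
    # replacing it with the name of the host that relayed it.
    keep_hostname(yes);

    # Use fully qualified names, so hosts that share a short name
    # (e.g. ns1) in different domains remain distinguishable.
    use_fqdn(yes);

    # Do not chain relay hostnames onto the original hostname.
    chain_hostnames(no);
};

# Messages arriving from the network devices over UDP syslog.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Assumed selection criteria; adjust to the facilities the devices use.
filter f_ciscoworks  { facility(local7) and level(notice..emerg); };
filter f_correlation { level(warning..emerg); };

# Assumed addresses of the two receiving servers.
destination d_ciscoworks  { udp("192.0.2.10" port(514)); };
destination d_correlation { udp("192.0.2.20" port(514)); };

# One log path per receiver. The UDP packets leaving this host carry
# the relay's own IP as source address; only the hostname field inside
# the message identifies the originating device.
log { source(s_net); filter(f_ciscoworks);  destination(d_ciscoworks);  };
log { source(s_net); filter(f_correlation); destination(d_correlation); };
```

A receiver that keys alarms on the packet's source IP will attribute every forwarded message to the relay, so with this setup any per-device logic on the receiving side has to match on the hostname field.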
participants (2)
- Balazs Scheidler
- Hamilton, Andrew