Sending source IP from syslog-ng
Hi All,

I have seen a number of queries on a number of lists in regards to sending the source ip address of messages that are forwarded from a syslog-ng server.

I have found a solution!

You need to do the following:

Enter the option --enable-spoof-source when running ./configure (This requires libnet, use RPM for RedHat)

'make' and 'make install' syslog-ng

In your syslog-ng config add the spoof-source(yes) option to your destination (UDP only)

e.g.
destination log_host { udp("10.0.0.1" port(514) spoof_source(yes)); };

On a syslogd server (Solaris, Standard *nix) you should see the originating host ip after the timestamp.

Hope this helps.

--
Michael Gehrmann
Security Administrator
CITEC
www.citec.com.au, Your business solutions partner
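A check to run on the central log server after the change described in the message above, as an added example that is not part of the original thread: it counts the host field that follows the timestamp in syslogd-style lines and reports whether forwarded messages are attributed to the relay or to the originating hosts. The relay address 10.0.0.2, the client addresses and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Classic syslogd file line: "Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(\S+)\s(.*)$")

def hosts_seen(lines):
    """Count log lines per host field (the token after the timestamp)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def check_relay(lines, relay_ip, expected_clients):
    """Summarise which addresses the central server attributes messages to."""
    counts = hosts_seen(lines)
    expected = set(expected_clients)
    return {
        # Lines logged under the relay's own address. The relay's local
        # messages land here too, so a non-zero count alone is not a failure.
        "attributed_to_relay": counts.get(relay_ip, 0),
        "clients_seen": sorted(expected & set(counts)),
        # Clients that never appear: their messages are hidden behind the relay
        # (or are not arriving at all).
        "clients_missing": sorted(expected - set(counts)),
        "unexpected_hosts": sorted(set(counts) - expected - {relay_ip}),
    }

RELAY = "10.0.0.2"                          # assumed address of the syslog-ng relay
CLIENTS = ["192.168.1.10", "192.168.1.11"]  # assumed hosts logging via the relay

# Constructed sample: central server log before spoof_source(yes) was enabled
BEFORE = [
    "Nov 25 00:07:01 10.0.0.2 sshd[411]: Accepted publickey for admin",
    "Nov 25 00:07:03 10.0.0.2 su: session opened for user root",
]
# Constructed sample: the same traffic after enabling it on the relay
AFTER = [
    "Nov 25 00:09:01 192.168.1.10 sshd[411]: Accepted publickey for admin",
    "Nov 25 00:09:03 192.168.1.11 su: session opened for user root",
]

if __name__ == "__main__":
    print("before:", check_relay(BEFORE, RELAY, CLIENTS))
    print("after: ", check_relay(AFTER, RELAY, CLIENTS))
```
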
On Thu, 2004-11-25 at 00:07, Michael Gehrmann wrote:
Hi All,
I have seen a number of queries on a number of lists in regards to sending the source ip address of messages that are forwarded from a syslog-ng server.
I have found a solution!
You need to do the following:
Enter the option --enable-spoof-source when running ./configure (This requires libnet, use RPM for RedHat)
Yes, this feature was announced in the release notes of syslog-ng 1.6.3:

* added address spoofing support (use the original IP address when resending messages, read the file README.spoof for more information)

--
Bazsi
participants (2): Balazs Scheidler, Michael Gehrmann