Properly forwarding syslog messages
Hey all,
So I've looked around and I'm just not sure what the best method is for forwarding syslog messages. I have a current setup that is working well. I'd like to try and get all the messages forward to another machine using standard udp 514. I'd like the messages to appear as if they are coming from the originating machine, not the syslog server. I did see a couple sites that say I have to compile with spoofing. Can anyone point me to some resources to do this? Thank you.
James
On 2014-06-27 12:29, James Lay wrote:
Hey all,
So I've looked around and I'm just not sure what the best method is for forwarding syslog messages. I have a current setup that is working well. I'd like to try and get all the messages forward to another machine using standard udp 514. I'd like the messages to appear as if they are coming from the originating machine, not the syslog server. I did see a couple sites that say I have to compile with spoofing. Can anyone point me to some resources to do this? Thank you.
James
No takers on this?
Hi James!
Check out the source from https://github.com/balabit/syslog-ng, enter the source directory, and use the following command: ./autogen.sh && ./configure --enable-spoof-source && make && sudo make install.
You should have the libnet dev package on your system to be able to compile with enable spoof-source, it is called libnet1-dev on my Ubuntu.
Hope I could help, Viktor
On Mon, Jul 7, 2014 at 7:56 PM, James Lay <jlay@slave-tothe-box.net> wrote:
No takers on this?
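For the relay side of the setup discussed in this thread, an added configuration sketch (not from the thread or from the syslog-ng project): a build made with --enable-spoof-source only makes the feature available, and the UDP destination still has to switch it on with spoof-source(yes). The version line, the listener and the 192.0.2.10 address are assumptions chosen for illustration.

```conf
@version: 3.5

options {
    # Keep the hostname found in each received message instead of
    # replacing it with the relay's own name.
    keep-hostname(yes);
};

# Assumed listener: receive messages from the originating machines.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# Forward to the second machine (192.0.2.10 is a placeholder address).
# spoof-source(yes) sends each datagram with the original sender's IP
# as the source address rather than the relay's.
destination d_relay {
    udp("192.0.2.10" port(514) spoof-source(yes));
};

log {
    source(s_net);
    destination(d_relay);
};
```

spoof-source() only applies to UDP destinations, and syslog-ng must run as root to send packets with a source address that is not its own. Reverse-path or anti-spoofing filters between the relay and the receiver can silently drop these datagrams, so confirm arrival on the receiving machine.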
On 2014-07-07 13:39, Tusa Viktor wrote:
Hi James!
Check out the source from https://github.com/balabit/syslog-ng, enter the source directory, and use the following command: ./autogen.sh && ./configure --enable-spoof-source && make && sudo make install.
You should have the libnet dev package on your system to be able to compile with enable spoof-source, it is called libnet1-dev on my Ubuntu.
Hope I could help, Viktor
Thanks Viktor that does help...I'll give this a go.
James