[syslog-ng]Syslog forwarding

Balazs Scheidler bazsi@balabit.hu
Thu, 31 Oct 2002 09:04:54 +0100

On Wed, Oct 30, 2002 at 03:44:07PM -0500, Hamilton, Andrew wrote:
> Hi all
> I'm designing a solution where I need to forward syslog messages to 2
> different servers (Cisco Works and a log correlation system). The messages
> will be sent from Cisco routers and PIXes to a box running syslog-ng that
> will forward the messages to the servers according to the facility and
> levels defined on filters.
> My question regards the origin of the messages as they will be seen by the
> end servers. Since both Cisco Works and the log correlation engine rely on
> the source IP to acknowledge and trigger alarms, will they see the syslog-ng
> box IP or the original IP address of the routers and PIXes? In other words
> will syslog-ng spoof the source IP addresses when forwarding the messages?

The IP will not be spoofed, though the message sent by syslog-ng may contain
the hostname you are interested in as Drew wrote.

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1