[syslog-ng] Sending source IP from syslog-ng
Michael Gehrmann
syslog-ng@lists.balabit.hu
Thu, 25 Nov 2004 09:07:38 +1000

Hi All,

I have seen a number of queries on a number of lists in regards to
sending the source IP address of messages that are forwarded from a
syslog-ng server.

I have found a solution!

You need to do the following:

1. Enter the option --enable-spoof-source when running ./configure (This
   requires libnet, use RPM for RedHat)
2. 'make' and 'make install' syslog-ng
3. In your syslog-ng config add the spoof-source(yes) option to your
   destination (UDP only)

   e.g. destination log_host { udp("10.0.0.1" port(514) spoof_source(yes)); };

On a syslogd server (Solaris, Standard *nix) you should see the
originating host IP after the timestamp.

Hope this helps.

--
Michael Gehrmann
Security Administrator
CITEC
www.citec.com.au, Your business solutions partner
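
A receiver-side check for the setup described above, as an added example that is not part of the original post: it listens for forwarded UDP syslog datagrams and reports whether each one arrives with the relay's address or with an originating host's address as its packet source. The function names, port 5514 and the 192.0.2.x addresses are assumptions chosen for illustration.

```python
import re
import socket

# BSD-syslog style line: <PRI>Mmm dd hh:mm:ss HOST MSG
_HDR = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def parse_syslog(datagram: bytes) -> dict:
    """Split one syslog datagram into priority, timestamp, host and message."""
    text = datagram.decode("utf-8", "replace").rstrip("\n\x00")
    m = _HDR.match(text)
    if not m:
        # Header missing or malformed: keep the raw text so nothing is lost.
        return {"facility": None, "severity": None,
                "timestamp": None, "host": None, "msg": text}
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}

def check_datagram(datagram: bytes, src_ip: str, relay_ip: str) -> dict:
    """Attach the packet source address and say whose address it is.

    "relay"  -> the datagram carries the forwarding server's own address,
                so source spoofing is not in effect for it.
    "origin" -> the datagram carries some other address, as expected when
                the relay rewrites the source to the originating host.
    """
    rec = parse_syslog(datagram)
    rec["src_ip"] = src_ip
    rec["seen_as"] = "relay" if src_ip == relay_ip else "origin"
    return rec

def listen(bind_ip: str, port: int, relay_ip: str, count: int) -> list:
    """Receive `count` datagrams and classify each by its source address."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(count):
            data, (src_ip, _src_port) = sock.recvfrom(8192)
            results.append(check_datagram(data, src_ip, relay_ip))
    return results

if __name__ == "__main__":
    # Constructed values: 192.0.2.10 stands in for the relay's address.
    for rec in listen("0.0.0.0", 5514, "192.0.2.10", 5):
        print(rec["src_ip"], rec["seen_as"], rec["host"], rec["msg"])
```

Point a test destination on the relay at this listener's port; datagrams still reported as "relay" mean the spoofed source is not being applied on that path.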