[syslog-ng]Source IP address incorrect
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 13:01:14 +0200
On Wed, 2004-10-27 at 19:38, Singh, Mandeep Mr. Adnet wrote:
> All,
>
> I seem to be having a common problem with forwarding syslog messages.
> I have read through archives and the solution that is most popular
> isn't working for me. I have a central server with is properly
> receiving messages from my PIX firewalls. On that same server I have
> an application from Cisco with acts like a syslogd daemon and parses
> PIX messages into separate categories. Syslog-ng is listening on 514
> and the Cisco product is listening on 515. My problem is the source IP
> address that the Cisco application receives is the IP address of the
> server not the PIX that produced it. Any help would be greatly
> appreciated, below is my configuration file. Thanks in advance.
syslog-ng is effectively resending all messages received from the PIX as
its own message. Of course the sending IP address in this resent frame
is the IP of the host running syslog-ng.
However there's a spoof-source compile time option to syslog-ng which
might help you in this case (configure --enable-spoof-source). You'll
need libnet installed if you want to use this option.
--
Bazsi