[syslog-ng] Source IP address incorrect

Balazs Scheidler syslog-ng@lists.balabit.hu
Thu, 28 Oct 2004 13:01:14 +0200


On Wed, 2004-10-27 at 19:38, Singh, Mandeep Mr. Adnet wrote:
> All,
> 
> I seem to be having a common problem with forwarding syslog messages.
> I have read through archives and the solution that is most popular
> isn't working for me. I have a central server which is properly
> receiving messages from my PIX firewalls. On that same server I have
> an application from Cisco which acts like a syslogd daemon and parses
> PIX messages into separate categories. Syslog-ng is listening on 514
> and the Cisco product is listening on 515. My problem is the source IP
> address that the Cisco application receives is the IP address of the
> server not the PIX that produced it. Any help would be greatly
> appreciated, below is my configuration file. Thanks in advance.

syslog-ng is effectively resending all messages received from the PIX as
its own message. Of course the sending IP address in this resent frame
is the IP of the host running syslog-ng.

However, there's a spoof-source compile-time option to syslog-ng which
might help you in this case (configure --enable-spoof-source). You'll
need libnet installed if you want to use this option.

-- 
Bazsi
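
The setup discussed above, as an added example that is not part of the message or of the original poster's configuration. It assumes a syslog-ng build configured with --enable-spoof-source. The object names, the 127.0.0.1 address and the log path are assumptions; the ports are the ones given in the question.

```conf
# Added example. Names s_pix, d_local, d_cisco and the file path are assumptions.
# Build prerequisite from the reply: ./configure --enable-spoof-source (needs libnet)

# PIX firewalls send to UDP 514 on the central server.
source s_pix {
    udp(ip(0.0.0.0) port(514));
};

# Local copy written by syslog-ng itself, independent of the relay.
destination d_local {
    file("/var/log/pix.log");
};

# Relay to the Cisco application listening on UDP 515 on the same server.
# Without spoof_source the relayed datagram carries this host's IP,
# which is the behaviour described in the question.
# spoof_source(yes) sends the datagram with the original sender's IP as
# its source address; it is only available on udp() destinations.
destination d_cisco {
    udp("127.0.0.1" port(515) spoof_source(yes));
};

log { source(s_pix); destination(d_local); };
log { source(s_pix); destination(d_cisco); };
```

With spoofing enabled the receiver on 515 can no longer tell relayed traffic from direct traffic by source address, so access to that port should be limited to the relay host.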