[syslog-ng] ng to ng then to syslog

Balazs Scheidler bazsi at balabit.hu
Tue Aug 2 18:59:14 CEST 2005


On Tue, 2005-08-02 at 09:26 -0400, Gerardo Amaya wrote:
> Balazs Scheidler wrote:
> 
> >On Tue, 2005-08-02 at 00:37 +0200, Frans Stekelenburg wrote:
> >  
> >
> >>I agree with the previous poster, why indeed use another (lesser) syslog
> >>;-)
> >>But if you insist:
> >>
> >>Try with the 'spoof_source(yes)' as option in your tcp(... <options>).
> >>I also learned that localip() can be used to force a certain local ip,
> >>but I don't think that applies to your setup.
> >>    
> >>
> >
> >spoof_source only works with udp()
> >
> >  
> >
> The manual says tcp() and udp(), can you please confirm on that so I can 
> plan my installation enviroment.

Here is the documentation that I see:
               <entry>spoof_source</entry>
               <entry>yes or no</entry>
               <entry>
                 Enables source address spoofing. This means that the host
                 running syslog-ng generates UDP packets with the source IP
                 address matching the original sender of the message. It is
                 useful when you want to perform some kind of preprocessing
                 via syslog-ng then forward messages to your central log
                 management solution with the source address of the
                 original sender. This option only works for UDP destinations
                 though the original message can be received by TCP as well.
                 This option is only available if syslog-ng was compiled using
                 the --enable-spoof-source configure option.
               </entry>


-- 
Bazsi



More information about the syslog-ng mailing list