[syslog-ng] Spoofing SRC of forwarded syslog
Balazs Scheidler
bazsi at balabit.hu
Tue Mar 23 10:43:55 CET 2010
On Mon, 2010-03-22 at 15:43 -0700, AM M84 wrote:
> I should also add that the original source IP is in the payload of the
> message.
no without changing the source code. with that it might be possible.
(you'd have to change the IP address stored in logmsg->saddr somewhere
along the path).
With the newly announced (but not yet integrated plugins branch),
something like this would become easily doable.
--
Bazsi
More information about the syslog-ng
mailing list