[syslog-ng] SYSLOG to SNMP TRAP relay server, how can I spoof source address
Armando Martires
amartires at smartechnologies.pt
Tue Jul 23 09:53:40 UTC 2019
Hello,
I set up a Syslog-ng relay server to relay syslog messages as SNMP traps.
The relay is working, sending an SNMP TRAP whenever a SYSLOG message is
received, but the source seems to be the syslog-ng server and not the client
host that originated the syslog message.
This is my config:
options {
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    chain_hostnames (no);
};

source s_labs_itsm {
    syslog(ip("192.168.50.20") transport("udp"));
};

destination d_local {
    file("/var/log/messages_${HOST}");
};

destination d_ss {
    snmp(
        host("192.168.50.10")
        version("v2c")
        community("public")
        trap-obj('.1.3.6.1.6.3.1.1.4.1.0', 'Objectid',
                 '.1.3.6.1.4.1.18372.3.1.1.1.2.1')
        snmp-obj('.1.3.6.1.4.1.18372.3.1.1.1.1.1.0', 'Octetstring',
                 '${MESSAGE}')
        snmp-obj('.1.3.6.1.4.1.18372.3.1.1.1.1.2.0', 'Octetstring',
                 'admin')
        snmp-obj('.1.3.6.1.4.1.18372.3.1.1.1.1.3.0', 'Ipaddress',
                 '${HOST}')
    );
};

log {
    source(s_labs_itsm); destination(d_local); destination(d_ss);
};
Can anyone help me understand what I'm doing wrong?
Thanks!
--
Armando Mártires
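
What the trap receiver sees, as an added example that is not part of the original post: an SNMPv2c trap PDU has no agent-address field (SNMPv1 traps do), so the UDP source is the relay and the originating client is only recoverable from the `Ipaddress` varbind that `d_ss` defines. The packet bytes, the client address 192.168.50.31 and the function names are constructed for illustration.

```python
# Added example (not from the original post). SAMPLE_TRAP is a constructed packet,
# not a capture; 192.168.50.31 is an assumed client address.
HOST_OID = "1.3.6.1.4.1.18372.3.1.1.1.1.3.0"  # third snmp-obj in the posted d_ss

SAMPLE_TRAP = bytes.fromhex(
    "305e" "020101" "04067075626c6963"            # SEQUENCE, version v2c, "public"
    "a751" "020101" "020100" "020100" "3046"      # SNMPv2-Trap PDU, varbind list
    "300d" "06082b06010201010300" "430101"        # sysUpTime.0 = 1
    "301c" "060a2b060106030101040100"             # snmpTrapOID.0 =
    "060e2b0601040181" "8f44030101010201"         #   .1.3.6.1.4.1.18372.3.1.1.1.2.1
    "3017" "060f2b06010401818f4403010101010300"   # HOST_OID =
    "4004c0a8321f"                                #   IpAddress 192.168.50.31
)

def dec_oid(body):
    """Decode the content bytes of a BER OBJECT IDENTIFIER to dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last byte of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def children(body):
    """Split a constructed BER value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:              # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def trap_origin(packet, udp_src):
    """Return (UDP source, host named in the Ipaddress varbind or None)."""
    (_, msg), = children(packet)
    _version, _community, (pdu_tag, pdu) = children(msg)
    if pdu_tag != 0xA7:
        raise ValueError("not an SNMPv2-Trap PDU")
    for _, vb in children(children(pdu)[3][1]):   # 4th PDU field is the varbind list
        (_, oid), (vtag, val) = children(vb)
        if dec_oid(oid) == HOST_OID and vtag == 0x40 and len(val) == 4:
            return udp_src, ".".join(map(str, val))
    return udp_src, None

if __name__ == "__main__":
    print(trap_origin(SAMPLE_TRAP, "192.168.50.20"))  # relay address from s_labs_itsm
```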