I have a need to use some products that are stupid enough to ignore the host field in the syslog message and instead base everything on the IP address the message originates from.
some other syslog servers can handle this by forging the source of the UDP packet, can rsyslog do this? one way that I know to do this is to issue a bind command to set the source IP, send the packet, then close the 'connection' (with the kernel set to allow non-local-binds), I've hacked sysklogd to do this sort of thing in the past. another way is to send out raw packets (which I believe requires root access). I suspect that this would require more drastic changes to support, but may have slightly higher performance. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
