Hi David et all, Currently rsyslog does not support this and I have to admit I was always very hesitant to add it (I see potential for misuse). Co-incidentally, I received a similar request and was about to relay it to the mailing list to gather feedback. As it looks, this no longer is necessary ;)
When I thought about implementation, I originally thought about raw sockets (which indeed require root access), but if there is any other way, I would be most interested. If you can provide some code, I will happily integrate it. I think an addition to the omfwd module, in udp forwarding, together with a new directive ($SpoofOriginalUDPAddress or so...) would be the right way to go. Rainer > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of [email protected] > Sent: Tuesday, February 24, 2009 4:40 AM > To: rsyslog-users > Subject: Re: [rsyslog] UDP source forging. > > On Mon, 23 Feb 2009, RB wrote: > > > On Mon, Feb 23, 2009 at 18:11, <[email protected]> wrote: > >> I have a need to use some products that are stupid enough > to ignore the > >> host field in the syslog message and instead base > everything on the IP > >> address the message originates from. > >> > >> some other syslog servers can handle this by forging the > source of the UDP > >> packet, can rsyslog do this? > > > > So is rsyslog originating the messages, or are you using it to > > aggregate them and then feed them on to the other [bad] > acceptors? I > > am unaware of a way to get rsyslog to forge packets (short > of writing > > an output module), but unless you must get another syslog > daemon into > > the mix, you may be better off just feeding your messages > directly to > > the other collector. > > rsyslog would be the relay from one non-routed network to another > non-routed network. > > this could be a fairly simple change to the UDP output module > (adding a > couple commands around the sending of a message), but before > I dove in to > do that I wanted to see if I had missed this feature anywhere. > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
