On Tue, 24 Feb 2009, Rainer Gerhards wrote:

> Hi David et al.,
>
> Currently rsyslog does not support this and I have to admit I was always
> very hesitant to add it (I see potential for misuse). Co-incidentally, I
> received a similar request and was about to relay it to the mailing list
> to gather feedback. As it looks, this no longer is necessary ;)
>
> When I thought about implementation, I originally thought about raw
> sockets (which indeed require root access), but if there is any other
> way, I would be most interested. If you can provide some code, I will
> happily integrate it. I think an addition to the omfwd module, in udp
> forwarding, together with a new directive ($SpoofOriginalUDPAddress or
> so...) would be the right way to go.

I'll see about hacking in some example code (probably without any config 
option and not thread-safe) and send it to you.

there's another similar change in the same area that I was looking at, 
I'll mock it up as well.

David Lang

> Rainer
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of [email protected]
>> Sent: Tuesday, February 24, 2009 4:40 AM
>> To: rsyslog-users
>> Subject: Re: [rsyslog] UDP source forging.
>>
>> On Mon, 23 Feb 2009, RB wrote:
>>
>>> On Mon, Feb 23, 2009 at 18:11,  <[email protected]> wrote:
>>>> I have a need to use some products that are stupid enough to ignore the
>>>> host field in the syslog message and instead base everything on the IP
>>>> address the message originates from.
>>>>
>>>> some other syslog servers can handle this by forging the source of the UDP
>>>> packet, can rsyslog do this?
>>>
>>> So is rsyslog originating the messages, or are you using it to
>>> aggregate them and then feed them on to the other [bad] acceptors?  I
>>> am unaware of a way to get rsyslog to forge packets (short of writing
>>> an output module), but unless you must get another syslog daemon into
>>> the mix, you may be better off just feeding your messages directly to
>>> the other collector.
>>
>> rsyslog would be the relay from one non-routed network to another
>> non-routed network.
>>
>> this could be a fairly simple change to the UDP output module (adding a
>> couple commands around the sending of a message), but before I dove in to
>> do that I wanted to see if I had missed this feature anywhere.
>>
>> David Lang
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
>>