David, Excellent, please do as you have time. I'll make sure it fits. Thread-safety, btw., is not a big issue at this level as the output modules are guaranteed to be never called by multiple threads concurrently. That was a trade-off to enable other folks to easily write them (but I have an option in the back of my head that a module can tell the engine it *is* capable to run on multiple threads concurrently...).
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of [email protected] > Sent: Tuesday, February 24, 2009 9:43 AM > To: rsyslog-users > Subject: Re: [rsyslog] UDP source forging. > > On Tue, 24 Feb 2009, Rainer Gerhards wrote: > > > Hi David et all, > > > > Currently rsyslog does not support this and I have to admit I was > always > > very hesitant to add it (I see potential for misuse). Co- > incidentally, I > > received a similar request and was about to relay it to the mailing > list > > to gather feedback. As it looks, this no longer is necessary ;) > > > > When I thought about implementation, I originally thought about raw > > sockets (which indeed require root access), but if there is any other > > way, I would be most interested. If you can provide some code, I will > > happily integrate it. I think an addition to the omfwd module, in udp > > forwarding, together with a new directive ($SpoofOriginalUDPAddress > or > > so...) would be the right way to go. > > I'll see about hacking in some example code (probably without any > config > option and not thread-safe) and send it to you. > > there's another similar change in the same area that I was looking at, > I'll mock it up as well. > > David Lang > > > Rainer > > > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of > [email protected] > >> Sent: Tuesday, February 24, 2009 4:40 AM > >> To: rsyslog-users > >> Subject: Re: [rsyslog] UDP source forging. > >> > >> On Mon, 23 Feb 2009, RB wrote: > >> > >>> On Mon, Feb 23, 2009 at 18:11, <[email protected]> wrote: > >>>> I have a need to use some products that are stupid enough > >> to ignore the > >>>> host field in the syslog message and instead base > >> everything on the IP > >>>> address the message originates from. > >>>> > >>>> some other syslog servers can handle this by forging the > >> source of the UDP > >>>> packet, can rsyslog do this? > >>> > >>> So is rsyslog originating the messages, or are you using it to > >>> aggregate them and then feed them on to the other [bad] > >> acceptors? I > >>> am unaware of a way to get rsyslog to forge packets (short > >> of writing > >>> an output module), but unless you must get another syslog > >> daemon into > >>> the mix, you may be better off just feeding your messages > >> directly to > >>> the other collector. > >> > >> rsyslog would be the relay from one non-routed network to another > >> non-routed network. > >> > >> this could be a fairly simple change to the UDP output module > >> (adding a > >> couple commands around the sending of a message), but before > >> I dove in to > >> do that I wanted to see if I had missed this feature anywhere. > >> > >> David Lang > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com > >> > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
