David, Just a quick info: I'll initially create a separate branch for these changes, as I can not go through them in details right now. I'll keep that branch updated and the goal is to move it into the master branch as soon as possible. Thanks for all your hard work!
Rainer > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of [email protected] > Sent: Wednesday, March 04, 2009 8:17 AM > To: rsyslog-users > Subject: Re: [rsyslog] UDP source forging. > > Ok, here is a diff that works. > > it cycles the source IP address from 32000-42000 (since we are just > sending, and not creating a normal socket this should not matter) > > it needs LIBS = /usr/lib/libnet.a in the Makefile in tools > > to use it create a template that puts the hostname-ip ahead > of what you > want to send, similar to > > $template TraditionalFwdFormat,"%fromhost-ip% > <%pri%>%timegenerated% %HOSTNAME% %syslogtag%%msg%\n" > > *.* @10.0.0.100;TraditionalFwdFormat > > the one problem right now is that any logs sent from the > local box will go > out with a source IP of 127.0.0.1 > > I wasted a bit of time trying to setup filters to use a > different template > if $myhostname == $fromhost, but apparently the filtering > doesn't allow > comparing two properties, and then I realized that you have a very > high-performance name cache now, so you could easily replace > my trivial > inet_pton(AF_INET, source_text_ip, &(source_ip.sin_addr)); > line with a call to the name lookup and then the > %fromhost-ip% could be > replaced by %fromhost% in the template and everything would > work sanely > (assuming forward and reverse name resolution are sane ;-) > > I haven't tried to do IPv6 yet, I know that it requires more > effort to set > the IP layer options, but I don't know exactly what yet. > > I wanted to float this first to see what you think before > spending much > more time on it. > > David Lang > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
