On Apr 21, 2012, at 1:44 AM, Rainer Gerhards wrote: > Just to make sure: I am talking about the problem that fromhost-ip is not > populated. David has much more insight into how the actual spoofing is done > than I have, so I stand by on that discussion. > > HOWEVER, if fromhost-ip is empty, spoofing can not work with default > settings.
The spoofing part itself works fine. On the wire the packet has the IP address of the original sender, and is seen by the far side that way. I can see the packets arrive at the destination by running tcpdump with "host original-sender" and I see the packets arrive from the rsyslog server's ethernet address. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
