Hi Rahul,

I've never used UDP spoofing, so my best bet is to check out the
differences between debug and non-debug:
- when you start it with debug, do you use -n? If yes, what happens if you
only do rsyslog -n?
- do you drop privileges in your config?

Best regards,
Radu

2013/1/15 Rahul Bhat <[email protected]>

> Dear Friends,
> Hope you are doing great!! I came across this mailing list while trying to
> configure the rsyslog v 7.2.4 with spoofing using -
> http://www.rsyslog.com/doc/omudpspoof.html. Thanks for making the
> information available. Unfortunately, I have a problem with the rsyslog
> config and have been trying to sort it out for some time now. I have a Linux
> rsyslog server which needs to send the logs to the central syslog server
> keeping the originator IP unchanged, hence I am using spoofing. Current
> conf parameters regarding spoofing:
>
> $ModLoad omudpspoof
> $template spoofaddr,"%fromhost-ip%"
> $template spooftemplate,"%rawmsg%"
> $ActionOMUDPSpoofSourceNameTemplate spoofaddr
> $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx
> $ActionOMUDPSpoofTargetPort 514
> $ActionOMUDPSpoofSourcePortStart 514
> $ActionOMUDPSpoofSourcePortEnd 514
> *.* :omudpspoof:;spooftemplate
>
> My rsyslog config works well when I am running the debug mode, but as soon
> as I go back to non-debug mode, I don't see the logs being forwarded to the
> syslog server. All works well in debug, but I don't understand how and which
> entries I should change for corrective action. If you have some time,
> I would appreciate any ideas.
> Thanks,
> Rahul
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>