On 23.04.2013 at 09:47, David Lang <[email protected]> wrote:

> On Mon, 22 Apr 2013, Axel Rau wrote:
>
>> Logging from a multi-homed firewall or vpn-gateway to a remote loghost
>> requires configurable source ip address in order to get the right routing
>> and filtering.
>
> Why do you say this? I've managed hundreds of multi-homed firewalls (some
> with as many as 20 physical interfaces) and have never found that I needed to
> set the source IP.
>
> Unless you have multiple interfaces to the same network, there is no
> ambiguity, the system will always use the same interface (and will use the
> main IP on that interface for outbound messages when you have multiple IPs on
> one interface)

If you have an IPsec VPN, terminated on an OpenBSD firewall, and want to log firewall activity to a log host, reached through the VPN, you will see the sending socket of your syslogd binding to the interface, pointing at your default route (which carries the encapsulated VPN traffic).

>
>> While looking around in the docs, I see a historical config parameter for
>> UDP but none for TCP.
>
> I think you are seeing the log forging feature for UDP that lets you fake the
> source of the log so that things that ignore the content of the log, but only
> look at the source IP can be tricked into working.
>
>> How are the chances for such a feature?
>> Should I try to provide a patch?
>
>> I had hoped to find a solution for reliable high volume firewall logging
>> using rsyslog with its multi-threaded architecture, disk spooling feature
>> and reliable transmission.
> rsyslog does this very well.

Yes, but before switching to rsyslog, I need a solution for the above problem.

Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

