On Wed, 17 Oct 2018, wuhe wrote:

> Hi:
>     Want to check how to get the original IP address after forwarding twice in a relay chain?
>     Like in this chain, how can the "Log Server" get the IP address (not hostname) of "Client A/B/C"?
>     {Client A, Client B, Client C} ----> {Relay Server} ----> {Log Server}
>     (UDP is used for forwarding)

Using the standard syslog format you cannot do so, because the relays do not pass that information on.

What I do is I repackage the message as JSON so that I can add additional metadata.

on the relay:

set $!msg=$msg;
set $!trusted!orig!ip = $fromhost-ip;

etc. (I also have the relays store the timestamp of when they processed the log, which relay processed it, parse the message, and do other cleanups.)

Then define a forwarding format that has %$!% instead of $msg in it.

Then on the log server, you can extract the metadata or the original message.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
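
The relay and log-server sides of the approach described in the reply above, written out as an added example (not configuration from the original post or from the rsyslog project). The addresses 192.0.2.10 (relay) and 192.0.2.20 (log server), the file paths, and the ruleset and template names are constructed, and the "@cee:" cookie with mmjsonparse is one assumed way to do the extraction on the log server.

```rsyslog
# Added example; addresses, paths and names are constructed placeholders.

#### Relay server: /etc/rsyslog.d/relay.conf (hypothetical path) ####
module(load="imudp")
input(type="imudp" port="514" ruleset="relay")

# Normal syslog header; the payload is the whole $! tree rendered as JSON,
# prefixed with the "@cee:" cookie that mmjsonparse looks for by default.
template(name="json_fwd" type="string"
         string="<%pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag% @cee: %$!%")

ruleset(name="relay") {
    set $!msg = $msg;
    # Address the relay itself saw the packet arrive from.
    set $!trusted!orig!ip = $fromhost-ip;
    action(type="omfwd" target="192.0.2.20" port="514" protocol="udp"
           template="json_fwd")
}

#### Log server: /etc/rsyslog.d/collector.conf (hypothetical path) ####
module(load="imudp")
module(load="mmjsonparse")
input(type="imudp" port="514" ruleset="collect")

# Write the relay-recorded client address next to the original message text.
template(name="with_origin" type="string"
         string="%timereported:::date-rfc3339% %$!trusted!orig!ip% %syslogtag%%$!msg%\n")

ruleset(name="collect") {
    # On the log server $fromhost-ip is the relay, not the client.
    # UDP gives no sender authentication, so at minimum only honour the
    # "trusted" subtree on messages that arrive from the relay's address.
    if $fromhost-ip == "192.0.2.10" then {
        action(type="mmjsonparse")
        if $parsesuccess == "OK" then {
            action(type="omfile" file="/var/log/relayed.log" template="with_origin")
            stop
        }
    }
    # Everything else is stored as received, with no claimed origin address.
    action(type="omfile" file="/var/log/direct.log")
}
```

With more than one relay in the chain, only the first relay should set $!trusted!orig!ip; later relays forward the JSON payload unchanged so the value is not overwritten with the previous relay's address.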