
Hi

I'm trying to do a syslog UDP to TCP converter using this method from the user's manual:

<Input in>
    Module im_tcp
    Host 0.0.0.0
    Port 2345
</Input>

<Output out>
    Module      om_tcp
    Host        mysyslog.domain.local
    Port        514
</Output>

<Processor buffer>
    Module      pm_buffer
    WarnLimit   800
    MaxSize     1000
    Type        Mem
    Exec        if buffer_size() >= 80k drop();
</Processor>

<Route 1>
    Path in => buffer => out
</Route>

This is working correctly, but all the events received by the mysyslog.domain.local server are coming from the same source (the IP of the NXLog server). Is there a way to preserve the source IP?

Thanks in advance

Regards,

Olga

Asked October 17, 2017 - 5:00pm

Answer (1)

It's not possible to spoof the IP address of a TCP packet. This is only possible with UDP, and the NXLog Enterprise Edition has a special module (om_udpspoof) that can do this.
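
When the relay has to stay on TCP, the sender's address can be carried inside the syslog message instead of in the packet header. The configuration below is an added example, not part of the answer above or of the NXLog manual; it reuses the host and ports from the question and assumes the xm_syslog extension is loaded and that the receiving server reads the origin from the syslog HOSTNAME field.

```conf
# Added example: carry the original sender's address in the syslog header.
<Extension syslog>
    Module      xm_syslog
</Extension>

<Input in>
    Module      im_tcp
    Host        0.0.0.0
    Port        2345
    # parse_syslog() fills $Hostname from the message header.
    # $MessageSourceAddress is set by the network input module to the
    # address of the peer that delivered the event; overwrite $Hostname
    # with it so the value survives the hop through this relay.
    Exec        parse_syslog(); $Hostname = $MessageSourceAddress;
</Input>

<Output out>
    Module      om_tcp
    Host        mysyslog.domain.local
    Port        514
    # Rebuild $raw_event in BSD syslog format using the updated $Hostname.
    Exec        to_syslog_bsd();
</Output>

<Route 1>
    # The pm_buffer processor from the question can stay in this path.
    Path        in => out
</Route>
```

The TCP connection still originates from the NXLog server, so the receiver has to take the origin from the HOSTNAME field rather than from the socket. If the input is switched to UDP, the recorded address is only what the datagram claimed and is not authenticated.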