[rsyslog-notify] Forum Thread: Re: help with omudpspoof - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue Apr 22 08:14:02 CEST 2014
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24571#p24571
Message:
----------
ahh, I see the problem now.
you can't use a standard template like RSYSLOG_TraditionalFileFormat, you
need to create a template that will put the IP address you want to spoof
before anything else
Also, if you are sending over the network, you should not use the file
format but the forward format
So if the RSYSLOG_TraditionalForwardFormat is
"<%PRI>%TIMESTAMP% %HOSTNAME% %SYSLOGTAG%%MSG%"
you need to do something like
"%FROMHOST-IP% <%PRI>%TIMESTAMP% %HOSTNAME% %SYSLOGTAG%%MSG%"
so that the omudpsoof module knows what IP address to use.
More information about the rsyslog-notify
mailing list