[rsyslog-notify] Forum Thread: Re: Getting omudpspoof for 5.8.6 on Ubuntu LTS - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Aug 25 17:45:01 CEST 2014
User: rgerhards
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24876#p24876
Message:
----------
What David means is that a RFC-compliant receiver should pull the
originating host from the hostname field of the message, and not rely on
the sender's IP address. As you see in your case, the sender address is
really nothing that can be used inside a relay chain.
There is no need to warn about omudpspoof performance, other than that it
is a much more costly operation than regular forwarding - just like writing
to a database is more costly than writing to a flat file.
What David meant (I guess) is that you should ask yourself why you need the
original sender's IP address on the central collector vs. the original
sender's hostname (from the message). With well-behaving systems, there is
no need to put anything special (like omudpspoof) into relay chains.
Regarding 5.8.6: I don't remember if the module was available for that
version. If so, and if you find no package, you can pull the version via
the v5.8.6 tag from github and compile the version yourself. A much better
alternative is the use the currently supported 8.4 version.
HTH
Rainer
More information about the rsyslog-notify
mailing list