[rsyslog-notify] Forum Thread: Re: Action following matched regular expression not performe - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Tue Mar 10 18:46:27 CET 2015
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25309#p25309
Message:
----------
with the omudpspoof module you need to give it a template to use for the
address to spoof the message as
so try adding somethign like
$template fakesource,"%fromhost-ip%"
and then add spooftemplate="fakesource" to the action
If it is getting relayed before it gets to where you are spoofing, you need
to do something to preserve the original source. On my systems I have the
relay systems change the message into JSON and have it add a $!trusted tree
of information that includes the original source IP. That way I can spoof
it no matter how many relays it goes through.
More information about the rsyslog-notify
mailing list