On Mon, 22 Apr 2013, Axel Rau wrote:
> Logging from a multi-homed firewall or VPN gateway to a remote loghost requires a configurable source IP address in order to get the right routing and filtering.
Why do you say this? I've managed hundreds of multi-homed firewalls (some with as many as 20 physical interfaces) and have never found that I needed to set the source IP.
Unless you have multiple interfaces to the same network, there is no ambiguity: the system will always use the same interface (and will use the main IP on that interface for outbound messages when you have multiple IPs on one interface).
> While looking around in the docs, I see a historical config parameter for UDP but none for TCP.
I think you are seeing the log forging feature for UDP that lets you fake the source of the log so that things that ignore the content of the log, but only look at the source IP can be tricked into working.
> What are the chances for such a feature? Should I try to provide a patch?
> I had hoped to find a solution for reliable high volume firewall logging using rsyslog with its multi-threaded architecture, disk spooling feature and reliable transmission.
rsyslog does this very well.

David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
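The source-address behaviour David describes can be observed directly: connecting a UDP socket sends no packet but makes the kernel run the route lookup and attach the chosen source address, which is what rsyslog's forwarding relies on when no source is configured. The script below is an added illustration, not code from this thread or from rsyslog; the loghost address 192.0.2.10 is a constructed TEST-NET-1 placeholder.

```python
import socket
from typing import Optional


def source_for(dest_ip: str, dest_port: int = 514,
               bind_ip: Optional[str] = None) -> str:
    """Return the local IP the kernel selects for syslog traffic to dest_ip.

    connect() on a UDP socket transmits nothing; it only triggers the
    routing decision and records the resulting source address on the
    socket, which getsockname() then reveals. Passing bind_ip pins the
    source explicitly, which is the configurable behaviour Axel asked for.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            s.bind((bind_ip, 0))          # force a specific source address
        s.connect((dest_ip, dest_port))   # route lookup only, no datagram sent
        return s.getsockname()[0]


def source_is_stable(dest_ip: str, dest_port: int = 514, rounds: int = 5) -> bool:
    """Check David's point: for a given destination the kernel picks the same
    source address every time, so no per-loghost source setting is needed
    unless several interfaces reach the same network."""
    picks = {source_for(dest_ip, dest_port) for _ in range(rounds)}
    return len(picks) == 1


if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for a remote loghost.
    for loghost in ("127.0.0.1", "192.0.2.10"):
        try:
            print(f"{loghost:>12} -> source {source_for(loghost)}")
        except OSError as exc:  # no route to the destination (e.g. offline host)
            print(f"{loghost:>12} -> no route: {exc}")
```

Run it on the multi-homed host itself; the printed source for each loghost is the address the remote filter rules will see.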

