Am 22.04.2013 um 21:19 schrieb Rainer Gerhards <[email protected]>:
>> -----Original Message----- >> From: [email protected] [mailto:rsyslog- >> [email protected]] On Behalf Of Axel Rau >> Sent: Monday, April 22, 2013 5:58 PM >> To: rsyslog-users >> Subject: [rsyslog] configurable client source address >> >> Logging from a multi-homed firewall or vpn-gateway to a remote loghost >> requires configurable source ip address in order to get the right >> routing and filtering. >> While looking around in the docs, I see a historical config parameter >> for UDP but none for TCP. >> How are the chances for such a feature? >> Should I try to provide a patch? > > A patch is definitely appreciated. But note that I am currently out of > country and will be very unresponsive until the end of the week. > I need some hints how this would best fit into rsyslog (future) architecture and least interfere with work-in-progress. To get this working, I need A. to parse a new option "SourceIPasLocalClient" B. to store it as a global of type sockaddr_in (and do an immediate check, if this IP is available locally) C. to insert a bind() between a socket() and a connect() call, using the sockaddr_in above, if set, at all(!) places, where clients open a link. Questions: Scope of this option could be 1. Global as command line option would be easiest (that's were I'm currently working on) 2. Global in config file 3. As option of an output module (would be most clean design) 4. In principal, I could use LocalHostIPIF as option, but a) I can't see, where it is set b) IF address may be ambiguous (e.g. with dual stack configurations) 5. My use case requires omrelp, which is not converted yet to v7-style-syntax. To minimize throw-away-code I would prefer a global option for now. Using omrelp would also require to modify librelp (add a variable to relpSessConnect) 6. While talking about logging of firewall events, security policy often requires not only a well defined source IP, but also a fixed (privileged) port, which is 514 with traditional syslog. This could be added with minimum effort. Please advice, Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
