Hi, We are currently using the omudpspoof module to forward logs to a second location and notice that by default the spoofing rotates the source port for the spoofed packet between UDP/32000 and UDP/42000. I also see that there are two action parameters available to restrict this range of rotating source ports :-
sourceport.start sourceport.end If I set these parameters to the same value (i.e. 32500) I believe this would cause the source port for all spoofed packets to be the same. However is there a particular reason why the default behaviour is preferred (i.e. rotating through multiple ports)? I would like to restrict to a single source port but wary if that will have any unforeseen impacts on performance? Regards, Andy. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
