Date: Tue, 1 Aug 2017 13:40:45 -0700 From: Sean Cassidy <sean@...ensestorm.com> To: oss-security@...ts.openwall.com Subject: Re: Syslog forwarding with IP spoofing On Tue, Aug 1, 2017 at 7:27 AM, Александр Носарев <nosarev-ay@...bler.ru> wrote: > > Good day! > > > I need to recive syslog messages, filter them and send them forward to the SIEM. > > Also HOST field is not represented in syslog, so i need to spoof IP of forwarding > packets to bind messages recived by SIEM to it's original source IP. > > If i will try to add some marks to syslog message, I will need to override > parsers for each syslog source type, so it seems like abad idea. > > Is there any open source tool for that task? I would use syslog-ng for this. It can rewrite syslog messages (including adding/modifying the HOST field) and then do nearly anything with the result. You can have it call a program, put it on an AMQP queue, write it to disk, or whatever, really. https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/chapter-manipulating-messages.html https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/chapter-destinations.html Sean
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ