Date: Tue, 1 Aug 2017 13:40:45 -0700
From: Sean Cassidy <>
Subject: Re: Syslog forwarding with IP spoofing

On Tue, Aug 1, 2017 at 7:27 AM, Александр Носарев <> wrote:
> Good day!
> I need to receive syslog messages, filter them and send them forward to the SIEM.
> Also HOST field is not represented in syslog, so I need to spoof IP of forwarding
> packets to bind messages received by SIEM to its original source IP.
> If I try to add some marks to syslog message, I will need to override
> parsers for each syslog source type, so it seems like a bad idea.
> Is there any open source tool for that task?

I would use syslog-ng for this. It can rewrite syslog messages
(including adding/modifying the HOST field) and then do nearly
anything with the result. You can have it call a program, put it on an
AMQP queue, write it to disk, or whatever, really.
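
The approach described in this reply, written as a syslog-ng configuration (an added example, not part of the original message). The `@version` line, listen address, port, filter rule and the SIEM host name `siem.example.net` are assumptions to adapt to the actual environment.

```conf
# Added example: receive, filter, stamp HOST, forward to the SIEM.
# Assumed: adjust @version to the installed syslog-ng release.
@version: 3.38

options {
    use-dns(no);        # record sender addresses as IPs, no reverse lookups
    keep-hostname(no);  # do not trust a HOST value supplied by the sender
};

# Assumed listener: plain UDP syslog on port 514.
source s_devices {
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Assumed filter rule: forward only warning and more severe messages.
filter f_forward {
    level(warning..emerg);
};

# Write the IP address the packet arrived from into the HOST field,
# so the SIEM can attribute each message without packet-level spoofing.
rewrite r_host_from_sender {
    set("${SOURCEIP}", value("HOST"));
};

# Assumed SIEM endpoint (placeholder name).
destination d_siem {
    network("siem.example.net" port(514) transport("udp"));
};

log {
    source(s_devices);
    filter(f_forward);
    rewrite(r_host_from_sender);
    destination(d_siem);
};
```

Because the original sender address travels in the HOST field of the forwarded message, the SIEM side keeps its existing per-source parsers and the relay needs no raw-socket privileges.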

