Date: Tue, 1 Aug 2017 17:27:26 +0300
From: Александр Носарев <nosarev-ay@...bler.ru>
To: oss-security@...ts.openwall.com
Subject: Syslog forwarding with IP spoofing

Good day!


I need to receive syslog messages, filter them and send them forward to the SIEM.

Also, the HOST field is not represented in syslog, so I need to spoof the IP of forwarded
packets to bind messages received by the SIEM to their original source IP.

If I try to add some marks to the syslog message, I will need to override
parsers for each syslog source type, so it seems like a bad idea.

Is there any open source tool for that task?

