Re: [rsyslog] imfile and omudpspoof

2012-12-18 Thread Rainer Gerhards
-Original Message- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- boun...@lists.adiscon.com] On Behalf Of David Lang Sent: Tuesday, December 18, 2012 2:22 AM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof By the way, as the original author of omudpspoof

Re: [rsyslog] imfile and omudpspoof

2012-12-17 Thread Rainer Gerhards
, 2012 3:24 PM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof - Original Message - From: Rainer Gerhards rgerha...@hq.adiscon.com To: rsyslog-users rsyslog@lists.adiscon.com Sent: Friday, December 14, 2012 9:06:10 AM Subject: Re: [rsyslog] imfile and omudpspoof

Re: [rsyslog] imfile and omudpspoof

2012-12-17 Thread Rainer Gerhards
:24 PM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof - Original Message - From: Rainer Gerhards rgerha...@hq.adiscon.com To: rsyslog-users rsyslog@lists.adiscon.com Sent: Friday, December 14, 2012 9:06:10 AM Subject: Re: [rsyslog] imfile and omudpspoof

Re: [rsyslog] imfile and omudpspoof

2012-12-17 Thread Rainer Gerhards
-Original Message- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards Sent: Monday, December 17, 2012 6:27 PM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof Just a quick follow-up: I currently work

Re: [rsyslog] imfile and omudpspoof

2012-12-17 Thread David Lang
By the way, as the original author of omudpspoof, I want to try and discourage anyone from using it if they have any other way of making things work. It is a very ugly hack, and it's performance is always going to be poor due to the overhead of changing the source IP address for the forgery.

Re: [rsyslog] imfile and omudpspoof

2012-12-14 Thread Rick Brown
- Original Message - From: Rainer Gerhards rgerha...@hq.adiscon.com To: rsyslog-users rsyslog@lists.adiscon.com Sent: Friday, December 14, 2012 2:40:05 AM Subject: Re: [rsyslog] imfile and omudpspoof -Original Message- From: Rick Brown [mailto:rick.br

Re: [rsyslog] imfile and omudpspoof

2012-12-14 Thread Rainer Gerhards
-Original Message- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog- boun...@lists.adiscon.com] On Behalf Of Rick Brown Sent: Friday, December 14, 2012 3:04 PM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof - Original Message - From: Rainer

Re: [rsyslog] imfile and omudpspoof

2012-12-14 Thread Rick Brown
- Original Message - From: Rainer Gerhards rgerha...@hq.adiscon.com To: rsyslog-users rsyslog@lists.adiscon.com Sent: Friday, December 14, 2012 9:06:10 AM Subject: Re: [rsyslog] imfile and omudpspoof -Original Message- From: rsyslog-boun...@lists.adiscon.com

Re: [rsyslog] imfile and omudpspoof

2012-12-13 Thread Rainer Gerhards
] On Behalf Of Rick Brown Sent: Thursday, December 13, 2012 4:01 PM To: rsyslog-users Subject: Re: [rsyslog] imfile and omudpspoof On Tue, 11 Dec 2012, Rick Brown wrote: I use imfile to gather application logs such as apache, tomcat, php, etc. and send those on to my syslog server along

[rsyslog] imfile and omudpspoof

2012-12-11 Thread Rick Brown
I use imfile to gather application logs such as apache, tomcat, php, etc. and send those on to my syslog server along with the client machines normal syslog traffic. My syslog server then dutifully writes all the messages locally and additionally forwards the messages on to a SIEM product via

Re: [rsyslog] imfile and omudpspoof

2012-12-11 Thread David Lang
On Tue, 11 Dec 2012, Rick Brown wrote: I use imfile to gather application logs such as apache, tomcat, php, etc. and send those on to my syslog server along with the client machines normal syslog traffic. My syslog server then dutifully writes all the messages locally and additionally