
syslog relay host problem

Discussion created by RSA Admin Employee on Jan 18, 2013

Hi there

 

Currently we have a CentOS 5 system running syslog-ng 2.1 and we'd like to migrate this to a new RHEL 6 system with syslog-ng 3.2.5.

This server is acting as a relay host to our enVision.

 

The configuration is mostly the same, except for some options that have changed or are now deprecated.

 

While everything is working fine with the old system, the new one provides us with quite a difficult challenge.

 

When I look at the events in enVision there is a column 'Device' among others like 'Index' or 'Event'.

With the old CentOS relay, this is the IP address of the original sender of the message, not the relay host!

When we route the message traffic through the new RHEL relay host, this column shows the IP address of the relay host instead of the original sender.

 

Has anybody experienced anything similar?

 

Thank you

Sandro
