Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Multiple devices with same ip address.
milton at calnek
Jan 21, 2009, 5:24 PM
Post #1 of 6 (2485 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm running a test lab with gear where every piece of gear
under test has the same ip address.

I have separated them via vlans, but I want to be able to send syslog
from these devices to a central host... but with everything having the
same ip address, there doesn't seem to be a way easily separate the logs.
I see how to log based on ip, but not MAC nor interface.

Before I invest in the development time, I was wondering if you folks
have any suggestions?

Thanks.
- --
Milton Calnek BSc, A/Slt(Ret.)
milton@calnek.com
306-717-8737

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFJd8rgHgnbf2T2QqMRArhdAKCCisNIrs+ohNoq2AUiaaiZJdT6SwCfSS3u
4r5JOPJn6SBPWlzMXUBjfQE=
=eVoR
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: Multiple devices with same ip address. [ In reply to ]
rsyslog at lists
Jan 21, 2009, 6:31 PM
Post #2 of 6 (2399 views)
Permalink
Couldn't you use NAT on the vlan interfaces? that way traffic on each
interface could be mapped to a different IP address as seen by the
logging machine.

-- Paul

Milton Calnek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm running a test lab with gear where every piece of gear
> under test has the same ip address.
>
> I have separated them via vlans, but I want to be able to send syslog
> from these devices to a central host... but with everything having the
> same ip address, there doesn't seem to be a way easily separate the logs.
> I see how to log based on ip, but not MAC nor interface.
>
> Before I invest in the development time, I was wondering if you folks
> have any suggestions?
>
> Thanks.
> - --
> Milton Calnek BSc, A/Slt(Ret.)
> milton@calnek.com
> 306-717-8737
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
>
> iD8DBQFJd8rgHgnbf2T2QqMRArhdAKCCisNIrs+ohNoq2AUiaaiZJdT6SwCfSS3u
> 4r5JOPJn6SBPWlzMXUBjfQE=
> =eVoR
> -----END PGP SIGNATURE-----
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: Multiple devices with same ip address. [ In reply to ]
milton at calnek
Jan 21, 2009, 7:26 PM
Post #3 of 6 (2400 views)
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Paul Chambers wrote:
> Couldn't you use NAT on the vlan interfaces? that way traffic on each
> interface could be mapped to a different IP address as seen by the
> logging machine.

I tried that. It didn't work for me. I don't remember the details just now,
but it had something to do with the order things happen on the linux IP stack.

If you can suggest a set of commands, I'll try it out.

Thanks.
- --
Milton Calnek BSc, A/Slt(Ret.)
milton@calnek.com
306-717-8737

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFJd+dhHgnbf2T2QqMRArc9AKCf1tk2gW5XGOM4cCNevVj8QKwV5gCdHKAT
8OETLsF4Csv6d4/gFVlLtjU=
=23Dv
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: Multiple devices with same ip address. [ In reply to ]
rsyslog at lists
Jan 21, 2009, 8:19 PM
Post #4 of 6 (2402 views)
Permalink
Hard to give you specifics without a lot more information (and time's
scarce, sorry).

Something that helped me understand how netfilter handles packets, and
the order the various tables/chains happen, is the documentation for
ebtables, specifically:
http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html

I'd be amazed if it's not possible to masquerade/source-NAT each vlan
interface to a unique IP addresses. Between netfilter and ebtables,
there's an enormous amount of flexibility.

-- Paul

Milton Calnek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Paul Chambers wrote:
>
>> Couldn't you use NAT on the vlan interfaces? that way traffic on each
>> interface could be mapped to a different IP address as seen by the
>> logging machine.
>>
>
> I tried that. It didn't work for me. I don't remember the details just now,
> but it had something to do with the order things happen on the linux IP stack.
>
> If you can suggest a set of commands, I'll try it out.
>
> Thanks.
> - --
> Milton Calnek BSc, A/Slt(Ret.)
> milton@calnek.com
> 306-717-8737
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
>
> iD8DBQFJd+dhHgnbf2T2QqMRArc9AKCf1tk2gW5XGOM4cCNevVj8QKwV5gCdHKAT
> 8OETLsF4Csv6d4/gFVlLtjU=
> =23Dv
> -----END PGP SIGNATURE-----
>
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: Multiple devices with same ip address. [ In reply to ]
david at lang
Jan 21, 2009, 10:20 PM
Post #5 of 6 (2405 views)
Permalink
On Wed, 21 Jan 2009, Milton Calnek wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm running a test lab with gear where every piece of gear
> under test has the same ip address.
>
> I have separated them via vlans, but I want to be able to send syslog
> from these devices to a central host... but with everything having the
> same ip address, there doesn't seem to be a way easily separate the logs.
> I see how to log based on ip, but not MAC nor interface.
>
> Before I invest in the development time, I was wondering if you folks
> have any suggestions?

if you are running rsyslog on the systems under test, try changing the
template that rsyslog uses to sent the messages out from
each system puts something unique in it's logs.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
Re: Multiple devices with same ip address. [ In reply to ]
rgerhards at hq
Jan 21, 2009, 11:46 PM
Post #6 of 6 (2401 views)
Permalink
David is right, this is probably the best way to do it. Even if the
sender's in question are not powered by rsyslog, it most often is
possible to put something unique into the messages. If there are few
devices (<= 8), you can also use the local syslog facilities to identify
the instances (almost all senders allow to configure that).

In any case, you can then use the unique identifier to sort out messages
to different bins on the receiver.

HTH
Rainer

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of david@lang.hm
> Sent: Thursday, January 22, 2009 7:49 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Multiple devices with same ip address.
>
> On Wed, 21 Jan 2009, Milton Calnek wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi,
> >
> > I'm running a test lab with gear where every piece of gear
> > under test has the same ip address.
> >
> > I have separated them via vlans, but I want to be able to send
syslog
> > from these devices to a central host... but with everything having
> the
> > same ip address, there doesn't seem to be a way easily separate the
> logs.
> > I see how to log based on ip, but not MAC nor interface.
> >
> > Before I invest in the development time, I was wondering if you
folks
> > have any suggestions?
>
> if you are running rsyslog on the systems under test, try changing the
> template that rsyslog uses to sent the messages out from
> each system puts something unique in it's logs.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal