Hello All rsyslog users and developers ????
The main problem.
When receiving loadbalanced TCP syslog messages our Loadbalancer IP is the IP added to the variable $fromhost-ip no matter what we do. This is due to the fact that the LB is doing TCP routing and becomes the sending IP on the network layer. The syslog message does not contain the IP of the sending node.
The Setup:
The setup contains only 2 servers which have 2 subnets (Frontend and a Backend(For TCP messages))
The servers are using the following software
* Nginx (For LB)
* Keepalived (For VIP handling)
* Rsyslog (yes for syslog messages)
Question 1:
I was thinking about adding some Proxy Headers to the log message on the LB (nginx) side and then using that in rsyslog to overwrite the $fronhost-ip. Is this possible in anyway to have rsyslog to use Proxy Headers like:
* X-Forwarded-For
* X-Real-IP
If possible howto do it ?
If not, any other great suggestions to preserve IP address of sending source in a LB TCP syslog setup is appreciated
Please be aware, adding more HW to the setup is not an option.
Best regards
Jan P. Madsen
This e-mail (including any attachments) is intended for the addressee(s) stated above only and may contain confidential information protected by law. You are hereby notified that any unauthorized reading, disclosure, copying or distribution of this e-mail or use of information contained herein is strictly prohibited and may violate rights to proprietary information. If you are not an intended recipient, please return this e-mail to the sender and delete it immediately hereafter. Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
The main problem.
When receiving loadbalanced TCP syslog messages our Loadbalancer IP is the IP added to the variable $fromhost-ip no matter what we do. This is due to the fact that the LB is doing TCP routing and becomes the sending IP on the network layer. The syslog message does not contain the IP of the sending node.
The Setup:
The setup contains only 2 servers which have 2 subnets (Frontend and a Backend(For TCP messages))
The servers are using the following software
* Nginx (For LB)
* Keepalived (For VIP handling)
* Rsyslog (yes for syslog messages)
Question 1:
I was thinking about adding some Proxy Headers to the log message on the LB (nginx) side and then using that in rsyslog to overwrite the $fronhost-ip. Is this possible in anyway to have rsyslog to use Proxy Headers like:
* X-Forwarded-For
* X-Real-IP
If possible howto do it ?
If not, any other great suggestions to preserve IP address of sending source in a LB TCP syslog setup is appreciated
Please be aware, adding more HW to the setup is not an option.
Best regards
Jan P. Madsen
This e-mail (including any attachments) is intended for the addressee(s) stated above only and may contain confidential information protected by law. You are hereby notified that any unauthorized reading, disclosure, copying or distribution of this e-mail or use of information contained herein is strictly prohibited and may violate rights to proprietary information. If you are not an intended recipient, please return this e-mail to the sender and delete it immediately hereafter. Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.