Banana_281411
Apr 25, 2017

How can I change my syslog packets' source IP addr?

Hello, the following is my syslog configuration:

modify syslog {
    auth-priv-from notice
    auth-priv-to emerg
    cron-from warning
    cron-to emerg
    daemon-from notice
    daemon-to emerg
    description none
    include "
    filter f_remote_loghost {
        level(warn..emerg);
    };

    destination d_remote_loghost {
        udp(\"10.x.x.x\" port(514));
    };

    log {
        source(s_syslog_pipe);
        filter(f_remote_loghost);
        destination(d_remote_loghost);
    };
    "
    iso-date disabled
    kern-from notice
    kern-to emerg
    mail-from notice
    mail-to emerg
    messages-from notice
    messages-to warning
    remote-servers none
    user-log-from notice
    user-log-to emerg
}

I captured packets and found that the source IP address is the self IP. How can I force the source IP address to be the mgmt IP? Can I change "source(s_syslog_pipe)" to "source(192.168.1.245)"?

PS: the mgmt interface is down, so I cannot write a detailed route; I just want to force the source address to be the mgmt IP address.

Thanks!

1 Reply

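  • I found the answer myself. The changes are the localip(...) option on the udp() destination and the added source s_syslog_pipe block (note that the two addresses shown below differ: 192.168.1.245 and 192.168.2.245):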

    include "
    filter f_remote_loghost {
        level(warn..emerg);
    };
    
    destination d_remote_loghost {
        udp(\"10.x.x.x\" port(514) localip(192.168.1.245));
    };
    source s_syslog_pipe {
        local-ip 192.168.2.245
    }
    
    log {
        source(s_syslog_pipe);
        filter(f_remote_loghost);
        destination(d_remote_loghost);
    };
    "