Hi,
I need to send syslogs to a collector from Logstash but have it come from the secondary IP of the Logstash host. How can I specify the source IP that the Logstash will use to send the logs?
I have tried using sourcehost in my output file, and using LD_PRELOAD to bind logstash to a different IP, but it didn't work.
This is Logstash 6.2.1 on CentOS 7.
Thanks
I did this with iptables. Changed it to tcp output too.
I write a mark to the packet being sent from packet beat, then match this in rules to change source address and rewrite the destination port:
find anything sent by packet beat based on port and mark it
iptables -t raw -A OUTPUT -p tcp --dport 5041 -j MARK --set-mark 0x63
use mark to change destination port
iptables -t nat -A OUTPUT -p tcp -m mark --mark 0x63 -j DNAT --to x.x.x.x:514
use mark to change source address
iptables -t nat -A POSTROUTING -p tcp -m mark --mark 0x63 -j SNAT --to-source y.y.y.y
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.