Send logs from secondary IP


#1

Hi,

I need to send syslogs to a collector from Logstash but have them come from the secondary IP of the Logstash host. How can I specify the source IP that Logstash will use to send the logs?

I have tried using sourcehost in my output file, and using LD_PRELOAD to bind Logstash to a different IP, but it didn't work.

This is Logstash 6.2.1 on CentOS 7.

Thanks


#2

I did this with iptables. Changed it to tcp output too.

I write a mark to the packet being sent from Packetbeat, then match this in rules to change the source address and rewrite the destination port:

  1. find anything sent by Packetbeat based on port and mark it
    iptables -t raw -A OUTPUT -p tcp --dport 5041 -j MARK --set-mark 0x63

  2. use mark to change destination port
    iptables -t nat -A OUTPUT -p tcp -m mark --mark 0x63 -j DNAT --to x.x.x.x:514

  3. use mark to change source address
    iptables -t nat -A POSTROUTING -p tcp -m mark --mark 0x63 -j SNAT --to-source y.y.y.y
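
The three rules from the reply above, wrapped in a script that validates the addresses and appends only rules that are not already present. This is an added example, not part of the original posts; the addresses are constructed documentation values standing in for x.x.x.x and y.y.y.y, and the function names and the APPLY variable are hypothetical.

```shell
#!/bin/sh
# Added example: the three rules from the reply, applied idempotently.
# Addresses are constructed placeholders for x.x.x.x and y.y.y.y.
LOCAL_PORT="${LOCAL_PORT:-5041}"         # port matched in step 1 of the reply
MARK="${MARK:-0x63}"                     # packet mark from the reply
COLLECTOR="${COLLECTOR:-192.0.2.10}"     # assumed collector address
COLLECTOR_PORT="${COLLECTOR_PORT:-514}"  # syslog port from step 2
SOURCE_IP="${SOURCE_IP:-198.51.100.7}"   # assumed secondary IP of this host

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print one rule per line as "<table> <chain> <rule spec>".
build_rules() {
  valid_ipv4 "$COLLECTOR" && valid_ipv4 "$SOURCE_IP" ||
    { echo "invalid IPv4 address" >&2; return 1; }
  echo "raw OUTPUT -p tcp --dport $LOCAL_PORT -j MARK --set-mark $MARK"
  echo "nat OUTPUT -p tcp -m mark --mark $MARK -j DNAT --to-destination $COLLECTOR:$COLLECTOR_PORT"
  echo "nat POSTROUTING -p tcp -m mark --mark $MARK -j SNAT --to-source $SOURCE_IP"
}

# Default: print the commands. With APPLY=1 (as root), append each rule
# only when "iptables -C" reports that it is not already present.
apply_rules() {
  rules=$(build_rules) || return 1
  printf '%s\n' "$rules" | while read -r table chain spec; do
    if [ "${APPLY:-0}" = 1 ]; then
      # $spec is left unquoted on purpose so it splits into arguments
      iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
        iptables -t "$table" -A "$chain" $spec
    else
      echo "iptables -t $table -A $chain $spec"
    fi
  done
}

apply_rules
```

Run it once without APPLY to review the commands, then as root with APPLY=1. Afterwards `iptables -t nat -L -n -v` shows the packet counters on the DNAT and SNAT rules increasing as logs are sent.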

