Configure syslogd to log to a remote server via NAT

Hello, we have a remote FreeBSD syslog in the WAN network and several FreeBSD servers in the LAN.

The FreeBSD servers in the LAN will send syslog messages to the remote server in the WAN. The router GW will do the outbound NAT, which translates the source IP address of the LAN server to the WAN IP address of the GW. The problem is, the remote syslog only sees log messages coming from one IP, the public IP address of the GW. So it detects the messages as coming from the GW, not from the servers in the LAN.

Is there any configuration that can help the remote syslog in the WAN detect the right messages from the right server?
 
- Buy a block of IPs. Do 1-to-1 NAT on your router for the server behind it.
or
- Create a tunnel/VPN to the remote server

Thanks, is there any way to pass a prefix (i.e. hostname) to each log message, so the syslog server can detect which log message comes from which server?
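
Added example, not part of the original thread: a receiver-side sketch in Python that attributes each datagram by the HOSTNAME field of the RFC 3164 header instead of the packet's source IP, falling back to the peer IP when the field is absent. It assumes the senders emit that field; the sample messages, host names and gateway address are constructed, and the hostname is whatever the sender writes, so it is a label and not an authenticated identity.

```python
import re
from collections import defaultdict

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)

def origin(datagram, peer_ip):
    """Return (origin, message); fall back to the peer IP when no HOSTNAME is present."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = HEADER.match(text)
    if not m:
        return peer_ip, text
    first, _, remainder = m.group("rest").partition(" ")
    # A first token like "sshd[812]:" is a TAG, so the sender left the hostname out.
    if first.endswith(":") or "[" in first or not remainder:
        return peer_ip, m.group("rest")
    return first, remainder

def group_by_origin(packets):
    """Group messages by origin; packets is an iterable of (peer_ip, datagram) pairs."""
    buckets = defaultdict(list)
    for peer_ip, datagram in packets:
        host, msg = origin(datagram, peer_ip)
        buckets[host].append(msg)
    return dict(buckets)

# Constructed sample: every datagram arrives from the same NAT address
# (documentation range), as the syslog server behind the gateway would see it.
GW = "203.0.113.10"
SAMPLE = [
    (GW, b"<38>Oct  3 10:15:02 web01 sshd[812]: Accepted publickey for admin"),
    (GW, b"<30>Oct  3 10:15:04 db01 postgres[440]: checkpoint complete"),
    (GW, b"<38>Oct  3 10:15:07 web01 sshd[812]: session closed"),
    (GW, b"<13>Oct  3 10:15:09 cron[90]: job started"),  # no HOSTNAME field
]

if __name__ == "__main__":
    for host, msgs in group_by_origin(SAMPLE).items():
        print(host, len(msgs))
```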
 
I would suggest using a VPN. You really do not want to send syslog messages over the internet "naked". Syslog is UDP, clear-text and is easily spoofed. So you're setting up the receiving end to get a bunch of fake messages that can easily fill up your /var/log.
 
My GW router is using pfSense, and I noticed something very strange:
- When a client in the LAN sends syslog to the remote using UDP port 514, all syslog packets are NATed via the pfSense device.
- When a client in the LAN sends syslog to the remote using a different UDP port, the source IP of the syslog packets is kept after going out of the GW.
Anyone know why?
 