AllowedSender¶
Restricts UDP syslog senders by source address or hostname.
This parameter applies to imudp: UDP Syslog Input Module.
- Name:
AllowedSender
- Scope:
module, input
- Type:
array
- Default:
module=none, input=module parameter
- Required?:
no
- Introduced:
8.2608.0
Description¶
Sets source-address ACL entries for UDP syslog inputs. Entries use the same
address syntax as the legacy $AllowedSender
directive, for example 127.0.0.1/16, 192.0.2.0/24, [::1]/128,
*.example.net, or somehost.example.com.
A module-level AllowedSender list is used as the default for imudp inputs.
An input-level AllowedSender list replaces the module-level list for that
input. If neither the module nor the input configures this parameter, all
senders are accepted unless legacy $AllowedSender directives are present.
If AllowedSender is configured, the array must contain at least one entry.
An empty input array cannot be used to clear a module-level default. Configure
explicit per-input sender lists, or omit the module-level default if some inputs
must remain unrestricted.
Do not mix legacy $AllowedSender and modern AllowedSender in new
configurations.
AllowedSender checks the remote socket address or reverse-DNS hostname.
By UDP design, source addresses can be spoofed. Use firewall ingress and egress
filtering, and prefer TCP or TLS transports when sender authenticity matters.
Module usage¶
module(load="imudp" allowedSender=["192.0.2.0/24"])
Input usage¶
input(type="imudp" port="514" allowedSender=["127.0.0.1/16"])
YAML usage¶
modules:
- load: imudp
allowedSender: ["192.0.2.0/24"]
inputs:
- type: imudp
port: "514"
allowedSender: ["127.0.0.1/16"]
See also¶
See also imudp: UDP Syslog Input Module and $AllowedSender.
Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project
Contributing: Source & docs: rsyslog source project
© 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.