Hi, I have no expertise on the network. I always appreciate your taking the time to answer my question.
We will connect independent systems using the L3 Switch and send the syslog to the cyber security operation center like attached picture. (Network switch will send via syslog function, and agent will be installed on workstation)
If IP addresses are duplicated between independent systems, is there a problem in transmitting logs?
If I am understanding the original post correctly there will be an agent installed on workstations which will be sending syslog messages to a server and that it is possible that several workstations may have the same IP address. The original question is whether there would be a problem in transmitting the logs. The answer depends on how the agent will be sending the logs. If it just uses UDP and the syslog port number then transmission of logs should go through without a problem. But if the agent is sending the logs using anything that expects a reply/acknowledgement then there would be a problem because the reply/acknowledgement may not find the correct source.
I believe that there is a bigger question here than just will the log messages be sent. What if a log message is sent from an agent that indicates a problem on the workstation? How do you interpret that error and how do you respond to it if you can not identify the particular workstation that generated the message? (if the error came from 192.168.7.241 and there are 4 workstations that have this IP then which workstation do you go to?)
And there is a bigger problem than just managing syslog messages. If multiple devices in the network may have the same IP then how will they function on the network? If a workstation has IP 192.168.14.122 and is running an application that requests some data and there are multiple workstations that use this IP address then how does the application get its data? A network where multiple workstations may have the same IP address is a problem. The best solution to the issue is to have some system that assures that each workstation IP address is unique (such as using DHCP to assign addresses) or if IP addresses are manually configured then some system that manages addresses being used to prevent duplicate addresses. A different solution might be to divide the network into several parts (think several areas) where you can assure that within an area IP addresses are unique, and to use address translation when communicating between areas.