[syslog-ng]some basic questions syslog-ng

Ravi Malghan rmalghan@yahoo.com
Mon, 16 Jul 2001 11:36:23 -0700 (PDT)


Thanks Hamilton. But for some reason, when I run
syslog-ng at the client side with

destination iadrse {tcp(ip(192.168.18.90) port(514));};

I get an error at this line. Basically I am trying to
send the messages to host 192.168.18.90.
I tried the old format also:

destination iadrse { tcp 192.168.18.90,514;};

I get a parse error at that line. Any suggestions?

Thanks again.
Ravi
--- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
<HamiltonA@hq.5sigcmd.army.mil> wrote:
> Ravi,
> 
> Well, you are close but not quite there.  When you set up a network
> source such as tcp or udp you are merely setting up a socket on which
> the server listens.  It doesn't listen for a particular host.  You set
> the server up to receive from a source and then you have your client
> log to that ip/port on the server.  For example:
> 
> source s_tcp { tcp(ip(192.168.1.1) port(2222)); };
> 
> This will cause syslog-ng to listen for log messages on the interface
> with 192.168.1.1 ip address and port number 2222.  It doesn't matter
> where the messages are coming from.  That is handled with the filters:
> 
> filter f_host10 { host("192.168.10.1"); };
> 
> This will filter out the host with the ip address of 192.168.10.1.
> 
> Then to log the remote host to the server you would use this line in
> your server:
> 
> log { source(s_tcp); filter(f_host10); destination(d_host10); };
> 
> where d_host10 is a destination whose definition is not shown here.
> 
> Hope this helps.
> 
> Regards,
> Drew
> -----Original Message-----
> From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> Sent: Friday, July 13, 2001 5:25 PM
> To: syslog-ng@lists.balabit.hu
> Subject: RE: [syslog-ng]some basic questions syslog-ng
> 
> 
> So if I want to accept syslog messages on syslog-ng server X/port: 1111
> from host 192.168.1.1, port: 2222 and host 192.168.10.1, port: 2222,
> I will have the following on server X:
> 
> source host10 {tcp(ip(192.168.1.1) port(2222); tcp(ip(192.168.10.1) port(2222); };
> destination host10logs { file("/var/adm/host10.log" compress(on) sync(0); };
> log {source(host10);destination(host10logs); };
> 
> Is this correct? I will similarly set the destination on the client
> machines to have destination {tcp(ip(server X) port (1111);}
> What does filter host10 {host("192.168.1.1"); }; give me?
> Thanks
> Ravi
> 
> --- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
> <HamiltonA@hq.5sigcmd.army.mil> wrote:
> > 1. The client syslog-ng makes a TCP connection to the server which is
> > listening for a TCP request.
> > 2. Standard syslog is UDP and doesn't do TCP.  You have to have
> > syslog-ng on both the client and the server.
> > 3. The port is the same as the UDP port, 514.  You can have both types
> > on the same port.  Yes, you do have control over it.  You can change
> > the source port on the server and change the destination port on the
> > client.
> > 
> > Regards,
> > Drew
> > -----Original Message-----
> > From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> > Sent: Thursday, July 12, 2001 9:58 PM
> > To: syslog-ng@lists.balabit.hu
> > Subject: [syslog-ng]some basic questions syslog-ng
> > 
> > 
> > Hi, I have a few basic questions about syslog-ng. If somebody can
> > give me answers or give me some pointers.
> > I am using syslog-ng to log syslog messages from a client to server
> > and a firewall between them.
> > 1. How is the syslogging TCP instead of UDP? Is this something
> > syslog-ng needs to be configured for?
> > 2. The client which initiates the syslog logging, is this a normal
> > syslog client? Or do I need to install syslog-ng there too?
> > 3. When it uses TCP, which port does it use? Does the user have
> > control over the port number?
> > 
> > Thanks in advance
> > Ravi
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo! Mail
> > http://personal.mail.yahoo.com/
> > 
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > 
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
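
Added example (not part of the original thread and not taken from the syslog-ng project): a matched server and client configuration for the setup discussed above, in the classic syslog-ng driver syntax. In a tcp() destination the remote host is the first, quoted argument, while ip() belongs to a tcp() source, where it selects the listening address. The statement names s_tcp, f_host10 and d_host10 follow the quoted reply; s_local, the file paths and the choice of 192.168.10.1 as the client are assumptions.

```conf
# ---- server: syslog-ng.conf on 192.168.18.90 ----

# Listening socket only. Any host that can reach this address and port
# may connect; the sender is selected later by a filter, not here.
source s_tcp { tcp(ip(192.168.18.90) port(514)); };

# Filter from the quoted reply: selects messages by their host field.
filter f_host10 { host("192.168.10.1"); };

# File destination; the path is a constructed example.
destination d_host10 { file("/var/log/host10.log"); };

log { source(s_tcp); filter(f_host10); destination(d_host10); };


# ---- client: syslog-ng.conf on 192.168.10.1 (assumed client address) ----

# Local messages; unix-stream("/dev/log") assumes a Linux client.
source s_local { unix-stream("/dev/log"); internal(); };

# Remote host is the first, quoted argument; port() must match the
# port() of the server's tcp() source.
destination iadrse { tcp("192.168.18.90" port(514)); };

log { source(s_local); destination(iadrse); };
```

With a firewall between the two hosts, the rule that has to exist is the client-to-server TCP connection on port 514, since the client initiates the connection.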