<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Thx for your explanation very clear and relevant ;)<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Message d'origine ----<br>De : Bill Nash <billn@billn.net><br>À : Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>Envoyé le : Jeudi, 25 Janvier 2007, 18h19mn 10s<br>Objet : Re: [syslog-ng] udp Error binding socket;<br><br><div><br>I think you've implemented this incorrectly.<br><br>A 'remote source' is a sender, and your host will be a destination. In <br>relative terms, syslog-ng will need a listening socket to receive the <br>information, so you'll configure a source using an address that actually <br>belongs to the server running
syslog-ng.<br><br>For this to work, you need to declare your source to be your local device. <br>Your server cannot bind 192.168.7.2 because it's the address of the remote <br>machine, and it can't find a local interface with that address.<br><br>Look for, or create, a source in your syslog-ng config with this setting:<br> udp(ip(0.0.0.0) port(514));<br><br>This would create a local listening socket that will receive syslog from <br>*all* remote hosts, such as your firewall. On your firewall, configure <br>the logging options to send to the address of your syslog server.<br><br>[ Firewall ] ----> udp/514 ----> [Your syslog host]<br>192.168.7.2 192.168.7.10<br><br>(I'm making up the 192.168.7.10 address just to fill in my examples <br>below.)<br><br>So, on my log
collector, I would have a source like this:<br>source s_sys {<br> file ("/proc/kmsg" log_prefix("kernel: "));<br> unix-stream ("/dev/log");<br> internal();<br> udp(ip(0.0.0.0) port(514));<br>};<br><br>The '0.0.0.0' address tells syslog-ng to use any network interface on your <br>server, regardless of it's actual IP address. You can replace with the <br>address of your network interface, if you prefer.<br><br>For hosts sending to the log collector, for example, another syslog-ng <br>device:<br>destination loghost { udp("192.168.7.10" port(514)); };<br><br>Or a PIX firewall:<br>logging host dmz1 192.168.7.10<br><br>Or a Cisco router:<br>logging 192.168.7.10<br><br>Hope that helps, drop me a note if you need more info.<br><br>- billn<br><br>On Thu, 25 Jan 2007, news gonzo news gonzo wrote:<br><br>> Hello,<br>I have an error when I try to use a remote source <br>I'm under RedHas AS3
Syslog2rc1.<br>my config is : <br>source s_remote_fw {<br> udp(ip(192.168.7.2) port(514));<br>};<br><br>And the error is :<br>Error binding socket; addr='AF_INET(192.168.7.2:514)', error='Cannot assign requested address (99)'<br>Error initializing source driver; source='s_remote_fw'<br><br><br>Thanks for your help<br><br><br><br><br> <br><br> <br> <br>___________________________________________________________________________ <br>Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.<br><a target="_blank" href="http://fr.mail.yahoo.com">http://fr.mail.yahoo.com</a></div><div>_______________________________________________<br>syslog-ng maillist - syslog-ng@lists.balabit.hu<br><a target="_blank"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a target="_blank" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></div></div><br></div></div><br>
<hr size="1">
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur <a href="http://fr.rd.yahoo.com/evt=42054/*http://fr.answers.yahoo.com">Yahoo! Questions/Réponses</a>.</body></html>