<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">Hi everyone,</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">I compiled version 3.3.3 and tried getting a client and server to talk based on the documentation on the balabit site, specifically the documentation for OSE version 3.3.</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">The server config file:</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">--</div><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">source remotelogs { syslog( port(2072) transport(tcp) ); }
;</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">destination r_log { file("/var/log/remotelogs/all"); };</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">log{ source(remotelogs); destination(r_log); } ;</font></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">--</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">And the client sending:</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">--</div><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"># remote logging test log</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"
size="2">#</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><div>@version: 3.3</div><div><br></div><div>source s_kern { file("/proc/kmsg"); };</div><div>source s_local { unix-stream("/dev/log"); internal(); };</div><div><br></div><div>destination d_file {file("/var/log/messages"); };</div><div>destination d_secure { file("/var/log/secure");};</div><div><br></div><div># set the filters</div><div>filter f_messages { not facility(auth, authpriv);};</div><div>filter f_authpriv { facility(auth, authpriv); };</div><div><br></div></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">destination loghost { tcp(10.195.105.214 port(2072) ); };</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">log { source(s_kern) ; source(s_local) ; filter(f_messages) ; destination(loghost) ; } ;</font></div><div><font
class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">--</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">There are some other log directives there for local files, I'll post them if people want to see them</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">So when this runs, I get on the server:</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">Dec 7 11:18:05 xxxxxxxxxx syslog-ng[4188]: Syslog connection closed; fd='21', client='AF_INET(10.203.54.9:54837)', local='AF_INET(0.0.0.0:2072)'</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div
style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">And the client:</div><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">Dec 7 11:19:04 xxxxxxxxxxxx syslog-ng[1735]: Syslog connection established; fd='20', server='AF_INET(10.195.105.214:2072)', local='AF_INET(0.0.0.0:0)'</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">I read the email thread from 2009, and tried the vanilla configs - any ideas?</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2">Thanks,</font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="2"><br></font></div><div><font class="Apple-style-span" face="arial,
helvetica, sans-serif" size="2">Jan</font></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><br></div></div></div></div></div></body></html>