<div dir="ltr">Hi Vadim, <div>according to your configuration, you are using syslog-ng version 3.5. Note that the disk-buffer feature is available from 3.9. You can find recent packages for various platforms here: <a href="https://syslog-ng.org/3rd-party-binaries/">https://syslog-ng.org/3rd-party-binaries/</a></div><div><br></div><div>HTH, </div><div><br></div><div>Robert</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 18, 2017 at 4:14 AM, Scot <span dir="ltr"><<a href="mailto:scotrn@gmail.com" target="_blank">scotrn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I think your looking for the disk buffer options on your destination. <div><br></div><div><a href="https://www.balabit.com/documents/syslog-ng-pe-latest-guides/en/syslog-ng-pe-guide-admin/html/configuring-diskbuffer-normal.html" target="_blank">https://www.balabit.com/<wbr>documents/syslog-ng-pe-latest-<wbr>guides/en/syslog-ng-pe-guide-<wbr>admin/html/configuring-<wbr>diskbuffer-normal.html</a><br></div><div><br></div><div><div><div> disk-buffer(</div><div> reliable(no) # If set to no, the normal disk-buffer will be used. This provides a faster, option</div><div> dir("/opt/syslog-ng/buffer")</div><div> disk-buf-size(10485760)</div><div> mem-buf-length(100000) # number of messages stored in overflow queue</div><div> )</div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Wed, May 17, 2017 at 4:43 PM, <a href="mailto:wiskbroom@hotmail.com" target="_blank">wiskbroom@hotmail.com</a> <span dir="ltr"><<a href="mailto:wiskbroom@hotmail.com" target="_blank">wiskbroom@hotmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div dir="ltr">
<div id="m_-1914205994187622381m_7885236119884227263divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif" dir="ltr">
<p>Hello!</p>
<p><br>
</p>
<p>I am trying to build a syslog-ng.conf for a DMZ relay that will listen on several TCP and UDP ports, all working just great.</p>
<p>My config essentially captures traffic, then redirects each connection internally from itself.</p>
<p><br>
</p>
<p>What happens if my internal host goes down? I am hoping to store locally if connectivity is down, but not sure where or how that would get defined.</p>
<p><br>
</p>
<p>I need to keep a direct relationship between ports, as my internal syslog-ng treats these ports differently, so redirecting to the same as received is key.</p>
<p><br>
</p>
<p>Below is my DMZ relay syslog-NG config file, any offers to make it better greatly appreciated.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p>-Vadim</p>
<div>-------------------------syslo<wbr>g-ng.conf---------------------<wbr>---------</div>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">@version:3.5<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">@include "scl.conf"<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">@include "/etc/syslog-ng/conf.d/*.conf"<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">options {<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> time-reap(30);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> mark-freq(10);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> keep-hostname(yes);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> chain_hostnames (off);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> flush_lines (0);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> time_reopen (10);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> log_fifo_size (1000);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> use_dns (yes);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> use_fqdn (no);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> create_dirs (no);<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">};<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">source s_udp-relay {<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> udp(ip(0.0.0.0) port(514) so_rcvbuf(425984));
<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">};<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><br>
</p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">source s_tcp-relay-514 {<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(425984) log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">};<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"><u></u> <u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">source s_tcp-relay-7514 {<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"> tcp(ip(0.0.0.0) port(7514) max-connections(250) so_rcvbuf(425984) log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">};<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">destination d_syslog_udp { udp("10.5.5.5" port(514)); };<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">destination d_syslog_tcp-514 { tcp("10.5.5.5" port(514)); };<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">destination d_syslog_tcp-7514 { tcp("10.5.5.5" port(7514)); };<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN"><u></u> <u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">log { source(s_udp-relay); destination(d_syslog_udp); };<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">log { source(s_tcp-relay-514); destination(d_syslog_tcp-514); };<u></u><u></u></span></p>
<p class="MsoNormal" style="line-height:115%;margin-bottom:10pt"><span lang="EN">log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514)<wbr>; };</span></p>
<p><br>
</p>
<p><br>
</p>
<div> </div>
</div>
</div>
<br></div></div>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br></div>