Hi,
Balazs Scheidler <bazsi@balabit.hu> [20061021 21:26:38 +0200]:
On Fri, 2006-10-20 at 17:19 +0100, Alexander Clouter wrote:
Hi,
Time to reply to my own email....
Alexander Clouter <ac56@soas.ac.uk> [20061019 10:25:38 +0100]:
[snipped]
What I am planning on doing is having something like the following in my syslog-ng.conf file which is fantastic as to add logging groups I just add extra udp() lines to s_multicastGeneric and nothing else is needed. At the moment I would need separate source/destination/log entries per multicast group address, which is upsetting and results in a hideous configuration file.
It took me a while to understand what you want to accomplish, and to be honest the only reason I understood it is that you attached a patch. :)
heh heh.
The reason I did not understand your original post was that I can't remember all defined macro names in syslog-ng and $DESTIP in your configuration snippet simply did not jump out at first. :)
In fact the patch is not that horrible :) and the idea is sane. It is also useful when someone has a listener bound to '0.0.0.0' and logs are to be put on a receiving-interface specific file.
One thing to bear in mind, I am pretty sure that using getsockname() will only return the *binding* address, so you might actually only get '0.0.0.0' back from a socket that's bound to 0.0.0.0. It's going to show you no more than what you would gain looking at the 'local address' column when you run 'netstat -lnut'. The getsockname() method works for me as I explicitly tell syslog-ng to listen on a particular address, I bind with 'udp(ip(239.123.120.5) port(514))', so calling getsockname() on that socket returns '239.123.120.5'. This is not so helpful for others unless they also type specific multiple udp()/tcp() commands into their configuration, however getsockname() is *very* cross-platform compatible. In practice it's not a bad limitation as you would hope the syslog-ng logging servers out there are on static IPs :)
The alternative approach is to use the Linux-specific socket option IP(V6)_PKTINFO[1], or for *BSD people it's IP_RECVDSTADDR (for both IPv4 and IPv6) if I am right, and then instead of calling recvfrom() you use recvmsg() and you get a lot of UDP header information.
Thanks for your contribution, I'll see to adding a DESTIP support, once I have dealt with the current blockers for 2.0.0.
Cheers, that would be great if you could.
Have a good weekend
Alex
[1] http://groups.google.com/group/linux.kernel/msg/e5df1c1bf1fa7aea?dmode=sourc...
-- Bazsi
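The difference between the two approaches discussed in this message, as an added example that is not part of the thread or of syslog-ng's code: a UDP socket bound to 0.0.0.0 reports only the wildcard through getsockname(), while IP_PKTINFO with recvmsg() yields the destination address of each datagram. The function name `dest_addr_demo` is hypothetical, the code is Linux-only, and the datagram is constructed test traffic sent over loopback.

```c
#define _GNU_SOURCE 1   /* glibc: exposes struct in_pktinfo */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Binds a UDP socket to 0.0.0.0, sends it one datagram via 127.0.0.1, then
 * writes the getsockname() address to `bound` and the IP_PKTINFO destination
 * to `dest` (INET_ADDRSTRLEN bytes each). Returns 0 on success, -1 on error. */
int dest_addr_demo(char *bound, char *dest)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* 0.0.0.0, any port */
    socklen_t alen = sizeof a;
    struct timeval tv = { .tv_sec = 2 };               /* never block forever */
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr h; } ctl;
    char payload[64];
    struct iovec iov = { .iov_base = payload, .iov_len = sizeof payload };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int on = 1, rc = -1;
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0 || tx < 0 ||
        setsockopt(rx, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        bind(rx, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(rx, (struct sockaddr *)&a, &alen) < 0) goto out;
    inet_ntop(AF_INET, &a.sin_addr, bound, INET_ADDRSTRLEN); /* binding address */
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* same port, concrete address */
    if (sendto(tx, "test", 4, 0, (struct sockaddr *)&a, sizeof a) != 4) goto out;
    if (recvmsg(rx, &msg, 0) < 0) goto out;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;                /* per-packet ancillary data */
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            inet_ntop(AF_INET, &pi.ipi_addr, dest, INET_ADDRSTRLEN);
            rc = 0;
        }
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}

int main(void)
{
    char bound[INET_ADDRSTRLEN], dest[INET_ADDRSTRLEN];
    if (dest_addr_demo(bound, dest)) return 1;
    return printf("getsockname: %s  IP_PKTINFO: %s\n", bound, dest) < 0;
}
```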