Jon Sabo wrote:
Is it possible to use syslog-ng to pull logs from a remote host? If you had a network where only inbound sessions were allowed but nothing was allowed to initiate a connection back, could you have a central syslog-ng server that went out and initiated connections/sessions to remote hosts and pulled back logs?
You could run an stunnel daemon on the remote host; from your centralized syslog-ng collector you would initiate the stunnel connection to said remote host. I.e., use the central collector in stunnel client mode, and set up an stunnel in server mode on the remote host. The premium/commercial syslog-ng supports TLS/SSL, but I don't know if you can differentiate between client and server the same way you can with an external tool such as stunnel.

-Matt Cuttler