I figured it out..thanks for the help. The syntax is destination iadrse { tcp("192.168.18.90" port(514)); }; Ravi --- Ravi Malghan <rmalghan@yahoo.com> wrote:
Thanks Hamilton. But for some reason, when I run the syslog-ng at the client side with destination iadrse {tcp(ip(192.168.18.90) port(514));}; I get an error at this line. Basically I am trying to send the messages to host 192.168.18.90. I tried the old format also destination iadrse { tcp 192.168.18.90,514;};
I get a parse error at that line. Any suggestions.
Thanks again. Ravi --- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" <HamiltonA@hq.5sigcmd.army.mil> wrote:
Ravi,
Well, you are close but not quite there. When you set up a network source such as tcp or udp you are merely setting up a socket on which the server listens. It doesn't listen for a particular host.
You set the server up to receive from a source and then you have your client log to that ip/port on the server. For example:
source s_tcp { tcp(ip(192.168.1.1) port(2222)); };
This will cause syslog-ng to listen for log messages on the interface with 192.168.1.1 ip address and port number 2222. It doesn't matter where the messages is coming from. That is handled with the filters:
filter f_host10 { host("192.168.10.1"); };
This will filter out the host with the ip address of 192.168.10.1.
Then to log the remote host to the server you would use this line in your server:
log { source(s_tcp); filter(f_host10); destination(d_host10); };
where d_host10 is a destination which the definition is not shown here.
Hope this helps.
Regards, Drew -----Original Message----- From: Ravi Malghan [mailto:rmalghan@yahoo.com] Sent: Friday, July 13, 2001 5:25 PM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]some basic questions syslog-ng
So if I want to accept syslog messages on syslog-ng server X/port: 1111 from host 192.168.1.1, port: 2222 and host 192.168.10.1, port: 2222. I will have the following on server X source host10 {tcp(ip(192.168.1.1) port(2222); tcp(ip(192.168.10.1) port(2222); }; destination host10logs { file("/var/adm/host10.log" compress(on) sync(0); }; log {source(host10);destination(host10logs); };
Is this correct? I will similarly set the destination on the client machines to have destination {tcp(ip(server X) port (1111);} What does filter host10 {host("192.168.1.1"); }; give me ? Thanks Ravi
--- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD" <HamiltonA@hq.5sigcmd.army.mil> wrote:
1. The client syslog-ng makes a TCP connection to the server which is listening for a TCP request. 2. Standard syslog is UDP and doesn't do TCP. You have to have syslog-ng on both the client and the server. 3. The port is the same as the UDP port, 514. You can have both types on the same port. Yes you do have control over it.
You can change the source port on the server and change the destination port on the client.
Regards, Drew -----Original Message----- From: Ravi Malghan [mailto:rmalghan@yahoo.com] Sent: Thursday, July 12, 2001 9:58 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]some basic questions syslog-ng
Hi I have few basic questions about syslog-ng. If somebody can give me answers or give me some pointers. I am using syslog-ng to log syslog messages from a client to server and a firewall between them. 1. How is the sysloging TCP instead of UDP? Is this something the syslog-ng needs to be configured. 2. The client which initiates the syslog logging, is this normal syslog client? or do I need to install syslog-ng there too? 3.When it uses TCP, which port does it use? Does the user have control over the port number?
Thanks in advance Ravi
Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
_______________________________________________ syslog-ng maillist -
syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/