Hit send too soon. Meant to also say: The way I see it, your remote hosts have to be servers of some sort, as they are accepting connections. And the centralized collection must behave as a client of some sort. So, although your setup is "backwards" in many respects, it's definitely do-able, a number of ways :) Matt Cuttler wrote:
Jon Sabo wrote:
Why would stunnel be involved? I don't need to secure the communication across the link.
Not for encryption, in your case, but to have your centralized collector initiate the connection to your remote hosts.
I'm assuming that you've got some packet filtering, firewalls etc. in place, presumably something that keeps state? This is why I mention stunnel.
So can you configure syslog-ng to pull logs?
Not to my knowledge, unless perhaps you had some distributed filesystem. But of course that'd be another work-around (like stunnel). You might want to look at all the "sources" section of the administrators manual in case I missed something (very possible).