On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
Balazs Scheidler wrote:
On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
Ok . IMO counter intuitive , Tho reasonable with your explanation . One is very used to the 'source' in FW/router/...'s as being the source device(s) IP from where a packet came from .
syslog-ng is not a firewall :) this is sometimes strange to me as well, being involved in firewall products as well. But putting the joke aside, syslog-ng is a "syslog message pipe" processor: sources generate messages, destinations serve as message sinks. Some filtering here and there, that's about syslog-ng's internal structure.
So, naming source as a source is consistent with syslog-ng itself.
I think that the author of the original comment was refereing to the IP address binding in the source definition
source network { tcp( ip(xxxx) ); };
where the IP address is NOT the source at all, it is a local IP address to bind the listener to. Perhaps the syntax should be
source network { tcp( bind(xxxx) ); };
since the bind address MUST be ip since the definition is already defined to be tcp.
I think it is a little counter intuitive even within the scope of syslog-ng.
ip is an alias for localip(), but it's true that all examples use ip(). -- Bazsi