Thanks so much for your reply.

1. The network is 192.168.1.* class C
2. The receiver's mask is 255.255.255.0 and he is at 192.168.1.14
3. The sender's mask is 255.255.255.0 and he is at 192.168.1.10
4. The router is not filtering within the network - only outside routes are filtered - and although I don't know about no ip directed-broadcast, snort and ipfw on the receiver tell me that there are broadcasts arriving at the receiver all the time (DHCP, for instance)
5. Syslog-ng successfully sends logs to 192.168.1.14 if I configure it using that specific IP address, so messages are getting thru
6. netstat on the receiver shows

   udp4 0 0 *.514 *.*
   udp46 0 0 *.514 *.*

   [I don't know why there are two entries - but it works]

   the receiver is a Mac OSX machine and one enables syslogd this way ("-u" means listen on udp port 514):

   sudo syslogd -m 0 -u

Further help would be highly appreciated. My ultimate question is what the configuration line in syslog-ng should look like to get it to broadcast. Maybe this gives you enough information that we could figure that out. *If* syslog-ng can do broadcast, that is.

[Jim]

On 4/22/06 12:23 AM, "Kevin" <kkadow@gmail.com> wrote:
On 4/21/06, Jim Schuyler <sky@red7.com> wrote:
Although I have tried to convince my client that this isn't exactly the best idea, they want to configure syslog-ng to send logs by broadcast rather than to a specific address on their subnet.
IMHO, it's not always a _bad_ idea, if you really know why you're doing it.
(I have tried using 192.168.1.255 and 255.255.255.255 and neither seems to do it, although I might not be properly configured on the other end to receive broadcasts...the other end is Mac OSX and it does receive messages just fine if I configure 192.168.1.14, as above.)
What's the netmask of the interface on the host receiving these logs?
Does 'netstat -nap udp' on the receiving host show *.514 as the listener?
Is the sender on the same subnet as the receiving host? If not, does the router serving the receiver have "no ip directed-broadcast" or the equivalent setting?
Kevin

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Jim Schuyler <sky@red7.com>
red 7 communications, inc.
San Francisco, California USA
PGP key ID: 0x93618262
Have a FIT! ... http://red7.com/fits.html
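
The checks Kevin asks about (netmask, same subnet, UDP 514) can be run independently of syslog-ng with the following added example, which is not part of the original thread and is not syslog-ng code. It uses the addresses and masks quoted in the thread. The function names, the `bcast-test` tag and the probe text are hypothetical. It relies on the general socket rule that a UDP sender must set `SO_BROADCAST` before the OS will let it send to a broadcast address.

```python
import ipaddress
import socket

SYSLOG_PORT = 514  # UDP port the receiver listens on, per the netstat output in the thread


def directed_broadcast(host_ip: str, netmask: str) -> str:
    """Return the subnet broadcast address for a host IP and its netmask."""
    iface = ipaddress.IPv4Interface(f"{host_ip}/{netmask}")
    return str(iface.network.broadcast_address)


def same_subnet(ip_a: str, mask_a: str, ip_b: str, mask_b: str) -> bool:
    """True when both hosts compute the same network, so no router sits between them."""
    net_a = ipaddress.IPv4Interface(f"{ip_a}/{mask_a}").network
    net_b = ipaddress.IPv4Interface(f"{ip_b}/{mask_b}").network
    return net_a == net_b


def syslog_datagram(facility: int, severity: int, tag: str, text: str) -> bytes:
    """Build a minimal BSD-syslog style payload: <PRI>tag: text."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    return f"<{pri}>{tag}: {text}".encode("ascii", "replace")


def broadcast_socket() -> socket.socket:
    """Create a UDP socket that is allowed to send to broadcast addresses."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Without SO_BROADCAST, sendto() to a broadcast address is normally refused.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    return s


def send_probe(sender_ip: str, netmask: str, text: str = "broadcast probe") -> str:
    """Send one test message (user.info) to the sender's subnet broadcast address."""
    dest = directed_broadcast(sender_ip, netmask)
    with broadcast_socket() as s:
        s.sendto(syslog_datagram(1, 6, "bcast-test", text), (dest, SYSLOG_PORT))
    return dest


if __name__ == "__main__":
    # Sender .10 and receiver .14 with mask 255.255.255.0, as given in the thread.
    print(same_subnet("192.168.1.10", "255.255.255.0", "192.168.1.14", "255.255.255.0"))
    print("probe sent to", send_probe("192.168.1.10", "255.255.255.0"))
```

If the probe shows up in the receiver's log while syslog-ng's own broadcast attempts do not, the receiver and network are fine and the remaining question is on the sending side.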