Hi Vadim, according to your configuration, you are using syslog-ng version 3.5. Note that the disk-buffer feature is available from 3.9. You can find recent packages for various platforms here: https://syslog-ng.org/3rd-party-binaries/ HTH, Robert On Thu, May 18, 2017 at 4:14 AM, Scot <scotrn@gmail.com> wrote:
I think your looking for the disk buffer options on your destination.
https://www.balabit.com/documents/syslog-ng-pe-latest- guides/en/syslog-ng-pe-guide-admin/html/configuring-diskbuffer-normal.html
disk-buffer( reliable(no) # If set to no, the normal disk-buffer will be used. This provides a faster, option dir("/opt/syslog-ng/buffer") disk-buf-size(10485760) mem-buf-length(100000) # number of messages stored in overflow queue )
On Wed, May 17, 2017 at 4:43 PM, wiskbroom@hotmail.com < wiskbroom@hotmail.com> wrote:
Hello!
I am trying to build a syslog-ng.conf for a DMZ relay that will listen on several TCP and UDP ports, all working just great.
My config essentially captures traffic, then redirects each connection internally from itself.
What happens if my internal host goes down? I am hoping to store locally if connectivity is down, but not sure where or how that would get defined.
I need to keep a direct relationship between ports, as my internal syslog-ng treats these ports differently, so redirecting to the same as received is key.
Below is my DMZ relay syslog-NG config file, any offers to make it better greatly appreciated.
-Vadim -------------------------syslog-ng.conf------------------------------
@version:3.5
@include "scl.conf"
@include "/etc/syslog-ng/conf.d/*.conf"
options {
time-reap(30);
mark-freq(10);
keep-hostname(yes);
chain_hostnames (off);
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
use_dns (yes);
use_fqdn (no);
create_dirs (no);
};
source s_udp-relay {
udp(ip(0.0.0.0) port(514) so_rcvbuf(425984));
};
source s_tcp-relay-514 {
tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(425984) log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
};
source s_tcp-relay-7514 {
tcp(ip(0.0.0.0) port(7514) max-connections(250) so_rcvbuf(425984) log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
};
destination d_syslog_udp { udp("10.5.5.5" port(514)); };
destination d_syslog_tcp-514 { tcp("10.5.5.5" port(514)); };
destination d_syslog_tcp-7514 { tcp("10.5.5.5" port(7514)); };
log { source(s_udp-relay); destination(d_syslog_udp); };
log { source(s_tcp-relay-514); destination(d_syslog_tcp-514); };
log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514); };
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq