Re: [syslog-ng] Error in documentation on syslog() source port

Why? This is a documentation issue, not a config issue. modules/afsocket/afsocket-grammar.y:899 source_afsyslog_params : { (*last_driver) = afinet_sd_new(last_addr_family, NULL, 601, AFSOCKET_STREAM | AFSOCKET_SYSLOG_PROTOCOL); last_reader_options = &((AFSocketSourceDriver *) (*last_driver))->reader_options; last_sock_options = &((AFInetSourceDriver *) (*last_driver))->sock_options.super; } source_afsyslog_options { $$ = (*last_driver); } ; The third argument to afinet_sd_new is the port number, notice the 601? source_afinet_option : KW_LOCALIP '(' string ')' { afinet_sd_set_localip((*last_driver), $3); free($3); } | KW_IP '(' string ')' { afinet_sd_set_localip((*last_driver), $3); free($3); } | KW_LOCALPORT '(' string_or_number ')' { afinet_sd_set_localport((*last_driver), $3, afinet_sd_get_proto_name((*last_driver))); free($3); } | KW_PORT '(' string_or_number ')' { afinet_sd_set_localport((*last_driver), $3, afinet_sd_get_proto_name((*last_driver))); free($3); } | source_reader_option | inet_socket_option ; See the KW_PORT? This tells it to change the port number of the socket when it encounters port() in the config. Thus if it never sees a KW_PORT, it never changes it from 601. Sent: Mon Oct 03 2011 08:05:55 GMT-0600 (MST) From: Frank Collette <FCollette@trustmark.com> To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Error in documentation on syslog() source port

Post your source config.. feel free to mask your ip/hostname.

Thanks,

Frank E. Collette IV Technical Services Systems Administrator II Trustmark National Bank Office: 601-208-7517 Fax: 601-208-6105 fcollette@trustmark.com

From: "Patrick H." <syslogng@feystorm.net> To: cdukes@cdukes.com, Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Cc: Clayton Dukes <cdukes@gmail.com> Date: 10/03/2011 08:58 AM Subject: Re: [syslog-ng] Error in documentation on syslog() source port Sent by: syslog-ng-bounces@lists.balabit.hu ------------------------------------------------------------------------

Actually I'm using both protocols, and I get the same behavior with both.

-Patrick

Sent: Mon Oct 03 2011 07:55:46 GMT-0600 (MST) From: Clayton Dukes _<cdukes@gmail.com>_ <mailto:cdukes@gmail.com> To: Syslog-ng users' and developers' mailing list _<syslog-ng@lists.balabit.hu>_ <mailto:syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Error in documentation on syslog() source port Are you by chance using tcp? If so, the default is 601: _http://www.ietf.org/rfc/rfc3195.txt_

______________________________________________________________

Clayton Dukes ______________________________________________________________

On Sun, Oct 2, 2011 at 9:44 PM, Patrick H. <_syslogng@feystorm.net_ <mailto:syslogng@feystorm.net>> wrote: The syslog-ng admin guide for 3.2 says the default port for syslog() sources is 514. This isnt the observed behavior. When a syslog() source is configured without specifying the port, it listens on 601

______________________________________________________________________________ Member info: _https://lists.balabit.hu/mailman/listinfo/syslog-ng_ Documentation: _http://www.balabit.com/support/documentation/?product=syslog-ng_ FAQ: _http://www.balabit.com/wiki/syslog-ng-faq_

______________________________________________________________________________ Member info: _https://lists.balabit.hu/mailman/listinfo/syslog-ng_ Documentation: _http://www.balabit.com/support/documentation/?product=syslog-ng_ FAQ: _http://www.balabit.com/wiki/syslog-ng-faq_

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq