Why?
This is a documentation issue, not a config issue.
modules/afsocket/afsocket-grammar.y:899
source_afsyslog_params
:
{
(*last_driver) = afinet_sd_new(last_addr_family,
NULL, 601,
AFSOCKET_STREAM | AFSOCKET_SYSLOG_PROTOCOL);
last_reader_options = &((AFSocketSourceDriver *)
(*last_driver))->reader_options;
last_sock_options = &((AFInetSourceDriver *)
(*last_driver))->sock_options.super;
}
source_afsyslog_options { $$ = (*last_driver); }
;
The third argument to afinet_sd_new is the port number, notice
the 601?
source_afinet_option
: KW_LOCALIP '(' string ')' {
afinet_sd_set_localip((*last_driver), $3); free($3); }
| KW_IP '(' string ')' {
afinet_sd_set_localip((*last_driver), $3); free($3); }
| KW_LOCALPORT '(' string_or_number ')' {
afinet_sd_set_localport((*last_driver), $3,
afinet_sd_get_proto_name((*last_driver))); free($3); }
| KW_PORT '(' string_or_number ')' {
afinet_sd_set_localport((*last_driver), $3,
afinet_sd_get_proto_name((*last_driver))); free($3); }
| source_reader_option
| inet_socket_option
;
See the KW_PORT? This tells it to change the port number of the
socket when it encounters port() in the config. Thus if it never
sees a KW_PORT, it never changes it from 601.
Sent: Mon Oct 03 2011 08:05:55 GMT-0600 (MST)
From: Frank Collette <FCollette@trustmark.com>
To: Syslog-ng users' and developers' mailing list
<syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Error in documentation on syslog() source
port
Post your source
config.. feel free to
mask your ip/hostname.
Thanks,
Frank E. Collette IV
Technical Services
Systems Administrator II
Trustmark National Bank
Office: 601-208-7517
Fax: 601-208-6105
fcollette@trustmark.com
From:
"Patrick H."
<syslogng@feystorm.net>
To:
cdukes@cdukes.com,
Syslog-ng users' and developers' mailing list
<syslog-ng@lists.balabit.hu>
Cc:
Clayton Dukes
<cdukes@gmail.com>
Date:
10/03/2011 08:58 AM
Subject:
Re: [syslog-ng]
Error in documentation on syslog() source port
Sent by:
syslog-ng-bounces@lists.balabit.hu
Actually I'm using both protocols,
and I
get the same behavior with both.
-Patrick
Sent: Mon Oct 03 2011 07:55:46 GMT-0600 (MST)
From: Clayton Dukes <cdukes@gmail.com>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Error in documentation on syslog()
source port
Are you by chance using tcp? If so,
the
default is 601:
http://www.ietf.org/rfc/rfc3195.txt
______________________________________________________________
Clayton Dukes
______________________________________________________________
On Sun, Oct 2, 2011 at 9:44 PM,
Patrick
H. <syslogng@feystorm.net>
wrote:
The syslog-ng admin guide for 3.2
says the
default port for syslog() sources is 514. This isnt the observed
behavior.
When a syslog() source is configured without specifying the
port, it listens
on 601
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq