RE: [syslog-ng]bind_inet_socket() error
I found the answer by filtering by hosts. Thanks! -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Walt Rich Sent: Wednesday, October 27, 2004 9:22 AM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]bind_inet_socket() error Is there a link that you could forward that would explain how to do this? I'm a newbie to Linux and Syslog-ng. Thanks for everyone's assistance with this. -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Nate Campi Sent: Tuesday, October 26, 2004 8:00 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]bind_inet_socket() error Right, packet filter and/or compile with TCP wrappers for access control, syslog-ng itself won't do that for you. On Tue, Oct 26, 2004 at 02:11:18PM -0500, Dave Johnson wrote:
* Set you max connections to the number of connections that you anticipate. * Otherwise-- Firewall.
On Mon, 25 Oct 2004 10:29:08 -0500, Walt Rich <walt.rich@parago.com> wrote:
OK, I see what you mean.
What is the syntax for setting up a source that is an IP address that is not local? I'm trying to set up a centralized logging server and would like for it to receive logging from other servers, but I would like to be able to specify the IP addresses that it will accept input from.
Thanks!
-----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Sunday, October 24, 2004 3:53 AM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]bind_inet_socket() error
On Sun, 2004-10-24 at 00:36, Walt Rich wrote:
Response to a) shows: # ifconfig -a | grep 172 inet 172.16.100.202 netmask ffffff00 broadcast 172.16.100.255
but you are trying to bind to 172.16.65.61, which is not local. (your local IP is .202)
(for TCP sources you are specifying the bind IP and not the IP address you want to receive messages from)
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Nate "Usenet is distributed network anarchy at its best--or worst, depending on what is posted on any particular day." - Fiedler, David in 'Byte' _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
www.netfilter.org --- essentially for a basic iptables overview: * select filtered directions - inbound, outbound * create filter name * allow traffic on filter name * deny rest on filter name You can do most filtering with one filtername. This starts to get OT for this mailist list, but to get you jumpstarted-- To allow ssh, tcp 514 (syslog), anything from localhost, and locally generated traffic going out: -------- sample netfilter config ------- *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [6:344] :FW-1-INPUT - [0:0] -A INPUT -j FW-1-INPUT -A FORWARD -j FW-1-INPUT -A FW-1-INPUT -i lo -j ACCEPT -A FW-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A FW-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A FW-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT -A FW-1-INPUT -p tcp -m tcp --dport 137 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable -A FW-1-INPUT -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable -A FW-1-INPUT -p tcp -m tcp --dport 138 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable -A FW-1-INPUT -p udp -m udp --dport 138 -j REJECT --reject-with icmp-port-unreachable -A FW-1-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable -A FW-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT ---end of config example--------- * Change the 514 line to add "-s" with the source ip host or network you want to allow. On Wed, 27 Oct 2004 17:42:14 -0500, Walt Rich <walt.rich@parago.com> wrote:
I found the answer by filtering by hosts.
Thanks!
-----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Walt Rich Sent: Wednesday, October 27, 2004 9:22 AM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]bind_inet_socket() error
Is there a link that you could forward that would explain how to do this? I'm a newbie to Linux and Syslog-ng.
Thanks for everyone's assistance with this.
-----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Nate Campi Sent: Tuesday, October 26, 2004 8:00 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]bind_inet_socket() error
Right, packet filter and/or compile with TCP wrappers for access control, syslog-ng itself won't do that for you.
On Tue, Oct 26, 2004 at 02:11:18PM -0500, Dave Johnson wrote:
* Set you max connections to the number of connections that you anticipate. * Otherwise-- Firewall.
On Mon, 25 Oct 2004 10:29:08 -0500, Walt Rich <walt.rich@parago.com> wrote:
OK, I see what you mean.
What is the syntax for setting up a source that is an IP address that is not local? I'm trying to set up a centralized logging server and would like for it to receive logging from other servers, but I would like to be able to specify the IP addresses that it will accept input from.
Thanks!
-----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Sunday, October 24, 2004 3:53 AM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]bind_inet_socket() error
On Sun, 2004-10-24 at 00:36, Walt Rich wrote:
Response to a) shows: # ifconfig -a | grep 172 inet 172.16.100.202 netmask ffffff00 broadcast 172.16.100.255
but you are trying to bind to 172.16.65.61, which is not local. (your local IP is .202)
(for TCP sources you are specifying the bind IP and not the IP address you want to receive messages from)
-- Bazsi
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Nate
"Usenet is distributed network anarchy at its best--or worst, depending on what is posted on any particular day." - Fiedler, David in 'Byte'
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (2)
-
Dave Johnson
-
Walt Rich