We are using version 1.6.0rc4.

As part of our regression testing we attempt to send a log message to a host that is non-existent (123.124.125.126). We expect to see in our log the error message Connection Broken; we are not seeing that.

Here are the parts of our conf file that are relevant:

destination tcsvlogfile { file("/var/log/svlogtc"); };
destination badsyslogsrvr { udp("123.124.125.126" port(514)); };

filter f_ic17 { match( "ic_17 test message" ); };

log { source(src); filter(f_ic17); destination(badsyslogsrvr); };
log { source(src); destination(tcsvlogfile); };

Now when I send the command

logger "ic_17 test message"

I see the corresponding "ic_17 test message" message in /var/log/svlogtc, but I do not see the error that it could not send the message to badsyslogsrvr, i.e. Connection Broken ...

Are error messages from syslog-ng not logged? (I could understand this, as it could end up in a nasty recursion loop.)

Thanks.

Richard Legault
Senior Engineer
519-880-2400 ext 2722
www.sandvine.com

On 7/8/05, Richard Legault <rlegault@sandvine.com> wrote:
> We are using version 1.6.0rc4
> As part of our regression testing we attempt to send a log message to a host that is non-existent (123.124.125.126) We expect to see in our log the error message Connection Broken, we are not seeing that.

But it's a UDP destination, so syslog-ng actually could (assuming your server has a default route set) generate a UDP packet with that destination IP... it just never actually arrives. IOW, UDP is connectionless, so there is no connection to be broken.

> here is the parts of our conf file that are relevant
> destination tcsvlogfile { file("/var/log/svlogtc"); };
> destination badsyslogsrvr { udp("123.124.125.126" port(514)); };
> filter f_ic17 { match( "ic_17 test message" ); };
> log { source(src); filter(f_ic17); destination(badsyslogsrvr); };
> log { source(src); destination(tcsvlogfile); };

It would be interesting to try the same test, but with a TCP destination instead.

Kevin Kadow
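
Added example, not part of the original thread: a Python sketch of the point made in the reply above, using loopback ports with no listener in place of the unreachable address so it runs offline. The helper names and the sample message are constructed for illustration.

```python
import socket

# Constructed sample message; <13> is the user.notice priority that logger uses by default.
MSG = b"<13>logger: ic_17 test message"

def closed_port(sock_type):
    """Return a loopback port with no listener: bind to port 0, note it, close."""
    with socket.socket(socket.AF_INET, sock_type) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def send_udp(host, port, payload=MSG):
    """Send one datagram. Return the OSError raised, or None if the send call succeeded."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            # An unconnected UDP socket hands the datagram to the IP stack and
            # returns; nothing tells the sender whether anyone received it.
            s.sendto(payload, (host, port))
            return None
        except OSError as exc:
            return exc

def send_tcp(host, port, payload=MSG, timeout=3.0):
    """Connect and send one line. Return the OSError raised, or None on success."""
    try:
        # TCP must complete a handshake first, so a dead peer is visible
        # to the sender as a refused connection or a timeout.
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload + b"\n")
        return None
    except OSError as exc:
        return exc

def compare():
    """Send the same message over UDP and TCP to ports nobody listens on."""
    udp_err = send_udp("127.0.0.1", closed_port(socket.SOCK_DGRAM))
    tcp_err = send_tcp("127.0.0.1", closed_port(socket.SOCK_STREAM))
    return udp_err, tcp_err

if __name__ == "__main__":
    udp_err, tcp_err = compare()
    print("UDP send error:", udp_err)   # no error surfaced to the sender
    print("TCP send error:", tcp_err)   # connection failure reported
```

For a regression test that expects a delivery error in the log, this is why the destination under test has to be a TCP one: with UDP the sender has nothing to report.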
I'm just curious. I've got a remote server I'd like to get logs from 'securely'. I was thinking of having it use syslog-ng to use TCP, then stunnel back to a local stunnel instance where my central log server is, which then drops it back off at a local port unencrypted.

Has anyone ever tried this/gotten it to work well? Advice? Suggestions? Other ideas?

Thanks!
Brian

There is a how-to on this here:
http://www.sun.com/bigadmin/features/articles/syslog_ng.html#3

It works respectably well, but it adds a lot of failure modes (in my opinion) to the transport of your logs.

Jerry
http://www.syslog.org
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (4): Jerry Bell, Kevin, Reclo, Richard Legault