Need some help with syslog-ng configuration on firewalled environment
Hi All, Need some help with syslog configuration on firewalled environment. I wanted to implement syslog-ng in firewalled environment. The setup is like: I have one Syslog-ng outside the firewall which collects logs from various components in the network. Now what I want is to pass on these logs from this syslog-ng server (outside firewall) to a syslog server inside the firewall i.e. to make the whole setup firewall friendly. One of the standard way to make anything firewall friendly is that the communications between two server should be started from the server inside the firewall. Is there a way we can do this with syslog-ng? Can someone please provide some insights, it would be really appreciated. Thanks and Regards Ankit Kukreja
Hi,
One of the standard way to make anything firewall friendly is that the communications between two server should be started from the server inside the firewall. Is there a way we can do this with syslog-ng?
Store the logs to files, and use rsync for transfer. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Thanks for the input. I was looking for Syslog - Syslog solution, if that's possible? Thanks and Regards Ankit Kukreja -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Geller, Sandor (IT) Sent: Wednesday, November 19, 2008 9:27 PM To: 'Syslog-ng users' and developers' mailing list' Subject: Re: [syslog-ng] Need some help with syslog-ng configuration onfirewalled environment Hi,
One of the standard way to make anything firewall friendly is that the communications between two server should be started from the server inside the firewall. Is there a way we can do this with syslog-ng?
Store the logs to files, and use rsync for transfer. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ____________________________________________________________________________ __ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
Thanks for the input.
I was looking for Syslog - Syslog solution, if that's possible?
Not I'm aware of. syslog uses a one-way client->server data push, you can't pull logs from remote or reuse/hijack an existing TCP connection. However if you write an app which waits for the incoming connection and use this app in syslog-ng as a program destination it could get solved. Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
participants (2)
-
Ankit Kukreja
-
Geller, Sandor (IT)