syslog-ng and IPv6 Interface Binding
Hi,

I've recently upgraded from syslog-ng 3.1 to syslog-ng 3.2.2 and I'm having limited success with my modified config in getting syslog-ng to bind to only specific IPv6 IP addresses.

At the moment I have this in my config:

    source net {
        tcp6( port(601) );
        udp6( port(601) );
    };

However I'd like to configure this slightly differently - namely to increase the maximum connections from 10 to 25 and also to bind to only certain IPv6 addresses, as the box has multiple. I was hoping for a config like this (IPv6 address truncated somewhat):

    source net {
        tcp6( ip(2001::20) port(601) max_connections(25) );
        udp6( ip(2001::20) port(601) max_connections(25) );
    };

But seems to be a no-go:

    -----
    Error parsing afsocket, syntax error, unexpected LL_NUMBER, expecting LL_IDENTIFIER or LL_STRING in /etc/syslog-ng/syslog-ng.conf at line 32, column 18:

    tcp6( ip(2001::20) port(601) max_connections(25) );
             ^^^^
    -----

Neither the max_connections() NOR the ip() options are accepted nor is the use of localip() for IPv6.

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guid... does not specifically mention if this command is meant to work under IPv6 or not, but it's reasonable I think to assume it would given the title of the page.

Can someone please provide me with the relevant part of a working config in which I can specify the IPv6 interface address(es) I want syslog-ng to listen on, or have I run into a bug?

The sample config files that ship with the package also seem a bit out of date, and the example at the bottom of s6.1.7 in the manual would be 100x more useful if it also included some IPv6 examples.

Thanks,
Reuben

Reuben Farrelly <reuben-syslogng-list@reub.net> writes:
> I was hoping for a config like this (IPv6 address truncated somewhat):
>
> source net { tcp6( ip(2001::20) port(601) max_connections(25) ); udp6( ip(2001::20) port(601) max_connections(25) ); };
>
> But seems to be a no-go:
>
> -----
> Error parsing afsocket, syntax error, unexpected LL_NUMBER, expecting LL_IDENTIFIER or LL_STRING in /etc/syslog-ng/syslog-ng.conf at line 32, column 18:
>
> tcp6( ip(2001::20) port(601) max_connections(25) );
>          ^^^^
> -----

I haven't tested it yet, but my vague guess is that ip("2001::20") should work. (The documentation does mention that ip() expects a string value)

However, I haven't tried this, so your mileage may vary.

--
|8]

On 5/04/2011 11:01 PM, Gergely Nagy wrote:
> Reuben Farrelly <reuben-syslogng-list@reub.net> writes:
>> I was hoping for a config like this (IPv6 address truncated somewhat):
>>
>> source net { tcp6( ip(2001::20) port(601) max_connections(25) ); udp6( ip(2001::20) port(601) max_connections(25) ); };
>>
>> But seems to be a no-go:
>>
>> -----
>> Error parsing afsocket, syntax error, unexpected LL_NUMBER, expecting LL_IDENTIFIER or LL_STRING in /etc/syslog-ng/syslog-ng.conf at line 32, column 18:
>>
>> tcp6( ip(2001::20) port(601) max_connections(25) );
>>          ^^^^
>> -----
>
> I haven't tested it yet, but my vague guess is that ip("2001::20") should work. (The documentation does mention that ip() expects a string value)
>
> However, I haven't tried this, so your mileage may vary.

With the quotes it seems to at least now start up and listen on the right interfaces - thanks Gergely!

Looks like the problem I was seeing was that quotes are required for specifying IPv6 addresses, but are not required for IPv4 addresses. For example this config loads fine:

    source net {
        tcp6( ip("2001::20") port(514) max_connections(25) );
        udp6( ip("2001::20") port(514) );
        tcp( ip(192.168.10.12) port(514) max_connections(25) );
    };

Perhaps this can be added to the admin guide, as the behavior of this parameter is inconsistent, at least, between v4 and v6.

Thanks,
Reuben

On Tue, Apr 05, 2011 at 11:25:49PM +1000, Reuben Farrelly wrote:
> Looks like the problem I was seeing was that quotes are required for specifying IPv6 addresses, but are not required for IPv4 addresses. For example this config loads fine:
>
> source net { tcp6( ip("2001::20") port(514) max_connections(25) ); udp6( ip("2001::20") port(514) ); tcp( ip(192.168.10.12) port(514) max_connections(25) ); };
>
> Perhaps this can be added to the admin guide, as the behavior of this parameter is inconsistent, at least, between v4 and v6.

There is probably a small glitch in the grammar definition. Technically it usually allows strings to be quoted or unquoted. I always quote mine because otherwise some characters confuse the parser.

Personally if it were me who maintained the parser I would be very strict and never allow any unquoted values. But I'm a bit radical about input validation because I work in InfoSec.

Matthew.

On Tue, 2011-04-05 at 09:11 -0700, Matthew Hall wrote:
> On Tue, Apr 05, 2011 at 11:25:49PM +1000, Reuben Farrelly wrote:
>> Looks like the problem I was seeing was that quotes are required for specifying IPv6 addresses, but are not required for IPv4 addresses. For example this config loads fine:
>>
>> source net { tcp6( ip("2001::20") port(514) max_connections(25) ); udp6( ip("2001::20") port(514) ); tcp( ip(192.168.10.12) port(514) max_connections(25) ); };
>>
>> Perhaps this can be added to the admin guide, as the behavior of this parameter is inconsistent, at least, between v4 and v6.
>
> There is probably a small glitch in the grammar definition.
> Technically it usually allows strings to be quoted or unquoted.
> I always quote mine because otherwise some characters confuse the parser.
> Personally if it were me who maintained the parser I would be very strict and never allow any unquoted values.
> But I'm a bit radical about input validation because I work in InfoSec.

Matthew is right, syslog-ng accepts non-quoted words as strings, as long as they don't look like something else. Your IP address looked like a number (the "2001" part).

I wouldn't call this inconsistency though, it is useful to not have to quote things like:

    owner(root)

In this case "root" is a string, but the same applies to the names of sources and destinations, the proper syntax would be:

    source "net" { };

and so on. Requiring quotes would make the config less readable in my opinion, but it is also right that it makes such inconsistencies possible.

--
Bazsi

On Fri, Apr 08, 2011 at 12:43:03AM +0200, Balazs Scheidler wrote:
> Requiring quotes would make the config less readable in my opinion, but it is also right that it makes such inconsistencies possible.

This is why I labeled myself as more radical than you, Bazsi. ;-)

Matthew.
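
Added example (not part of the original thread and not syslog-ng project code): a small pre-deployment check that scans a syslog-ng configuration for ip()/localip() values written as unquoted IPv6 literals, the form that produced the LL_NUMBER parse error above. The function name, the strict flag and the sample config are assumptions made for illustration; strict mode applies the "always quote" practice to every address literal.

```python
import ipaddress
import re

# Capture the raw argument of ip(...) or localip(...): quoted or bare token.
_IP_OPT = re.compile(
    r'\b(localip|ip)\s*\(\s*("[^"]*"|\'[^\']*\'|[^\s()"\']+)\s*\)')


def lint_ip_options(config_text, strict=False):
    """Return (line_no, option, value, advice) for risky address literals.

    Default: flag unquoted IPv6 literals only.
    strict=True: flag every unquoted address literal, IPv4 included.
    """
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # drop trailing comments (simplification)
        for match in _IP_OPT.finditer(code):
            option, raw = match.group(1), match.group(2)
            quoted = raw[0] in "\"'"
            value = raw[1:-1] if quoted else raw
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # hostname or other non-literal: out of scope here
            if not quoted and (addr.version == 6 or strict):
                advice = 'quote it: %s("%s")' % (option, value)
                findings.append((line_no, option, value, advice))
    return findings


# Constructed sample, modelled on the configs quoted in the thread.
SAMPLE_CONFIG = """\
source net {
    tcp6( ip(2001::20) port(601) max_connections(25) );
    udp6( ip("2001::20") port(601) );
    tcp( ip(192.168.10.12) port(514) max_connections(25) );
};
"""

if __name__ == "__main__":
    for line_no, option, value, advice in lint_ip_options(SAMPLE_CONFIG):
        print("line %d: unquoted %s(%s); %s" % (line_no, option, value, advice))
```

A clean result from this check does not replace running syslog-ng's own syntax check on the file; it only catches this one quoting problem before the config is deployed.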