[syslog-ng]some basic questions syslog-ng

Hamilton, Andrew Mr RAYTHEON 5 SIG CMD HamiltonA@hq.5sigcmd.army.mil
Mon, 16 Jul 2001 07:05:01 +0200


Ravi,

Well, you are close but not quite there.  When you set up a network source
such as tcp or udp you are merely setting up a socket on which the server
listens.  It doesn't listen for a particular host.  You set the server up to
receive from a source and then you have your client log to that ip/port on
the server.  For example:

source s_tcp { tcp(ip(192.168.1.1) port(2222)); };

This will cause syslog-ng to listen for log messages on the interface with
192.168.1.1 ip address and port number 2222.  It doesn't matter where the
messages are coming from.  That is handled with the filters:

filter f_host10 { host("192.168.10.1"); };

This will filter out the host with the ip address of 192.168.10.1.

Then to log the remote host to the server you would use this line in your
server:

log { source(s_tcp); filter(f_host10); destination(d_host10); };

where d_host10 is a destination whose definition is not shown here.

Hope this helps.

Regards,
Drew
-----Original Message-----
From: Ravi Malghan [mailto:rmalghan@yahoo.com]
Sent: Friday, July 13, 2001 5:25 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]some basic questions syslog-ng


So if I want to accept syslog messages on syslog-ng
server X/port: 1111 from host 192.168.1.1, port: 2222
and host 192.168.10.1, port: 2222.
I will have the following on server X
source host10 {tcp(ip(192.168.1.1) port(2222));
tcp(ip(192.168.10.1) port(2222)); };
destination host10logs { file("/var/adm/host10.log"
compress(on) sync(0)); };
log {source(host10);destination(host10logs); };

Is this correct? I will similarly set the destination
on the client machines to have destination
{tcp(ip(server X) port (1111);}
What does filter host10 {host("192.168.1.1"); }; give
me ?
Thanks
Ravi

--- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
<HamiltonA@hq.5sigcmd.army.mil> wrote:
> 1. The client syslog-ng makes a TCP connection to
> the server which is
> listening for a TCP request.
> 2. Standard syslog is UDP and doesn't do TCP.  You
> have to have syslog-ng on
> both the client and the server.
> 3. The port is the same as the UDP port, 514.  You
> can have both types on
> the same port.  Yes you do have control over it. 
> You can change the source
> port on the server and change the destination port
> on the client.
> 
> Regards,
> Drew
> -----Original Message-----
> From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> Sent: Thursday, July 12, 2001 9:58 PM
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]some basic questions syslog-ng
> 
> 
> Hi, I have a few basic questions about syslog-ng. If
> somebody can give me answers or give me some
> pointers.
> I am using syslog-ng to log syslog messages from a
> client to server and a firewall between them.
> 1. How is the syslogging TCP instead of UDP? Is this
> something the syslog-ng needs to be configured.
> 2. The client which initiates the syslog logging, is
> this normal syslog client? or do I need to install
> syslog-ng there too?
> 3. When it uses TCP, which port does it use? Does the
> user have control over the port number?
> 
> Thanks in advance
> Ravi
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng

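The setup discussed in this thread, written out as a server and a client configuration. This is an added example, not part of the original messages. The options block, the definition of d_host10, the s_local source and the d_loghost name are assumptions. The pattern is anchored because host() takes a regular expression matched against the message's host field.

```conf
# --- Server: listens on 192.168.1.1:2222 (added example) ---
options {
    use_dns(no);          # assumed: keep the sender's IP address as the host field
    keep_hostname(no);    # assumed: ignore the hostname written into the message
    chain_hostnames(no);  # assumed: no chained "client/relay" host values
};

# One listening socket; it accepts connections from any client.
source s_tcp { tcp(ip(192.168.1.1) port(2222)); };

# host() is a regular expression: anchor it and bracket the dots, otherwise
# "192.168.10.1" also matches 192.168.10.10, 192.168.10.100 and so on.
filter f_host10 { host("^192[.]168[.]10[.]1$"); };

# Assumed definition of the destination the reply leaves out.
destination d_host10 { file("/var/adm/host10.log"); };

log { source(s_tcp); filter(f_host10); destination(d_host10); };

# --- Client: 192.168.10.1, a separate syslog-ng.conf ---
source s_local { unix-stream("/dev/log"); internal(); };   # assumed local source
destination d_loghost { tcp("192.168.1.1" port(2222)); };
log { source(s_local); destination(d_loghost); };
```

Messages from senders that match no filter are still accepted by the socket; they are written nowhere unless another log statement picks them up.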
