[syslog-ng]some basic questions syslog-ng
Hamilton, Andrew Mr RAYTHEON 5 SIG CMD
HamiltonA@hq.5sigcmd.army.mil
Mon, 16 Jul 2001 07:05:01 +0200
Ravi,
Well, you are close but not quite there. When you set up a network source
such as tcp or udp you are merely setting up a socket on which the server
listens. It doesn't listen for a particular host. You set the server up to
receive from a source and then you have your client log to that ip/port on
the server. For example:
source s_tcp { tcp(ip(192.168.1.1) port(2222)); };
This will cause syslog-ng to listen for log messages on the interface with
192.168.1.1 ip address and port number 2222. It doesn't matter where the
messages is coming from. That is handled with the filters:
filter f_host10 { host("192.168.10.1"); };
This will filter out the host with the ip address of 192.168.10.1.
Then to log the remote host to the server you would use this line in your
server:
log { source(s_tcp); filter(f_host10); destination(d_host10); };
where d_host10 is a destination which the definition is not shown here.
Hope this helps.
Regards,
Drew
-----Original Message-----
From: Ravi Malghan [mailto:rmalghan@yahoo.com]
Sent: Friday, July 13, 2001 5:25 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]some basic questions syslog-ng
So if I want to accept syslog messages on syslog-ng
server X/port: 1111 from host 192.168.1.1, port: 2222
and host 192.168.10.1, port: 2222.
I will have the following on server X
source host10 {tcp(ip(192.168.1.1) port(2222);
tcp(ip(192.168.10.1) port(2222); };
destination host10logs { file("/var/adm/host10.log"
compress(on) sync(0); };
log {source(host10);destination(host10logs); };
Is this correct? I will similarly set the destination
on the client machines to have destination
{tcp(ip(server X) port (1111);}
What does filter host10 {host("192.168.1.1"); }; give
me ?
Thanks
Ravi
--- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
<HamiltonA@hq.5sigcmd.army.mil> wrote:
> 1. The client syslog-ng makes a TCP connection to
> the server which is
> listening for a TCP request.
> 2. Standard syslog is UDP and doesn't do TCP. You
> have to have syslog-ng on
> both the client and the server.
> 3. The port is the same as the UDP port, 514. You
> can have both types on
> the same port. Yes you do have control over it.
> You can change the source
> port on the server and change the destination port
> on the client.
>
> Regards,
> Drew
> -----Original Message-----
> From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> Sent: Thursday, July 12, 2001 9:58 PM
> To: syslog-ng@lists.balabit.hu
> Subject: [syslog-ng]some basic questions syslog-ng
>
>
> Hi I have few basic questions about syslog-ng. If
> somebody can give me answers or give me some
> pointers.
> I am using syslog-ng to log syslog messages from a
> client to server and a firewall between them.
> 1. How is the sysloging TCP instead of UDP? Is this
> something the syslog-ng needs to be configured.
> 2. The client which initiates the syslog logging, is
> this normal syslog client? or do I need to install
> syslog-ng there too?
> 3.When it uses TCP, which port does it use? Does the
> user have control over the port number?
>
> Thanks in advance
> Ravi
>
>
> __________________________________________________
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail
> http://personal.mail.yahoo.com/
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng