[syslog-ng]some basic questions syslog-ng
Ravi Malghan
rmalghan@yahoo.com
Mon, 16 Jul 2001 12:06:52 -0700 (PDT)
I figured it out. Thanks for the help.
The syntax is
destination iadrse { tcp("192.168.18.90" port(514)); };
Ravi
--- Ravi Malghan <rmalghan@yahoo.com> wrote:
> Thanks Hamilton. But for some reason, when I run the syslog-ng at the
> client side with
> destination iadrse {tcp(ip(192.168.18.90) port(514));};
> I get an error at this line. Basically I am trying to send the messages
> to host 192.168.18.90.
> I tried the old format also
> destination iadrse { tcp 192.168.18.90,514;};
>
> I get a parse error at that line. Any suggestions?
>
> Thanks again.
> Ravi
> --- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
> <HamiltonA@hq.5sigcmd.army.mil> wrote:
> > Ravi,
> >
> > Well, you are close but not quite there. When you set up a network source
> > such as tcp or udp you are merely setting up a socket on which the server
> > listens. It doesn't listen for a particular host. You set the server up to
> > receive from a source and then you have your client log to that ip/port on
> > the server. For example:
> >
> > source s_tcp { tcp(ip(192.168.1.1) port(2222)); };
> >
> > This will cause syslog-ng to listen for log messages on the interface with
> > 192.168.1.1 ip address and port number 2222. It doesn't matter where the
> > messages are coming from. That is handled with the filters:
> >
> > filter f_host10 { host("192.168.10.1"); };
> >
> > This will filter out the host with the ip address of 192.168.10.1.
> >
> > Then to log the remote host to the server you would use this line in your
> > server:
> >
> > log { source(s_tcp); filter(f_host10); destination(d_host10); };
> >
> > where d_host10 is a destination whose definition is not shown here.
> >
> > Hope this helps.
> >
> > Regards,
> > Drew
> > -----Original Message-----
> > From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> > Sent: Friday, July 13, 2001 5:25 PM
> > To: syslog-ng@lists.balabit.hu
> > Subject: RE: [syslog-ng]some basic questions syslog-ng
> >
> >
> > So if I want to accept syslog messages on syslog-ng server X/port: 1111
> > from host 192.168.1.1, port: 2222 and host 192.168.10.1, port: 2222.
> > I will have the following on server X
> > source host10 {tcp(ip(192.168.1.1) port(2222); tcp(ip(192.168.10.1) port(2222); };
> > destination host10logs { file("/var/adm/host10.log" compress(on) sync(0); };
> > log {source(host10);destination(host10logs); };
> >
> > Is this correct? I will similarly set the destination on the client
> > machines to have destination {tcp(ip(server X) port (1111);}
> > What does filter host10 {host("192.168.1.1"); }; give me?
> > Thanks
> > Ravi
> >
> > --- "Hamilton, Andrew Mr RAYTHEON 5 SIG CMD"
> > <HamiltonA@hq.5sigcmd.army.mil> wrote:
> > > 1. The client syslog-ng makes a TCP connection to the server which is
> > > listening for a TCP request.
> > > 2. Standard syslog is UDP and doesn't do TCP. You have to have syslog-ng on
> > > both the client and the server.
> > > 3. The port is the same as the UDP port, 514. You can have both types on
> > > the same port. Yes you do have control over it. You can change the source
> > > port on the server and change the destination port on the client.
> > >
> > > Regards,
> > > Drew
> > > -----Original Message-----
> > > From: Ravi Malghan [mailto:rmalghan@yahoo.com]
> > > Sent: Thursday, July 12, 2001 9:58 PM
> > > To: syslog-ng@lists.balabit.hu
> > > Subject: [syslog-ng]some basic questions syslog-ng
> > >
> > >
> > > Hi I have few basic questions about syslog-ng. If somebody can give me
> > > answers or give me some pointers.
> > > I am using syslog-ng to log syslog messages from a client to server and
> > > a firewall between them.
> > > 1. How is the syslogging TCP instead of UDP? Is this something the
> > > syslog-ng needs to be configured.
> > > 2. The client which initiates the syslog logging, is this normal syslog
> > > client? or do I need to install syslog-ng there too?
> > > 3. When it uses TCP, which port does it use? Does the user have control
> > > over the port number?
> > >
> > > Thanks in advance
> > > Ravi
> > > _______________________________________________
> > > syslog-ng maillist - syslog-ng@lists.balabit.hu
> > > https://lists.balabit.hu/mailman/listinfo/syslog-ng
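
The pieces of this thread assembled into one server and one client configuration, as an added example that is not part of the original messages. It assumes a current syslog-ng release; the file paths, the names s_local, f_unexpected and d_unexpected, and the client's local source are assumptions chosen for illustration.

```conf
# ---- server side (the host 192.168.18.90), syslog-ng.conf ----

# A network source is only a listening socket. It accepts connections from
# any client that can reach this address and port; it does not name senders.
source s_tcp { tcp(ip(192.168.18.90) port(514)); };

# Senders are told apart with filters. host() takes a regular expression,
# so the pattern is anchored and the dots escaped; an unanchored
# "192.168.10.1" would also match 192.168.10.10 through 192.168.10.19.
# host() tests the HOST field of the message; netmask() is the filter that
# tests the address the message arrived from.
filter f_host10     { host('^192\.168\.10\.1$'); };
filter f_unexpected { not host('^192\.168\.10\.1$'); };

# The destination the thread refers to as d_host10 but does not show
# (path is an assumption, taken from the question's /var/adm directory).
destination d_host10     { file("/var/adm/host10.log"); };
# Hypothetical catch-all so that messages from other senders stay visible.
destination d_unexpected { file("/var/adm/unexpected-senders.log"); };

log { source(s_tcp); filter(f_host10);     destination(d_host10); };
log { source(s_tcp); filter(f_unexpected); destination(d_unexpected); };

# ---- client side, syslog-ng.conf ----

# Local messages on the client (assumption: a Linux-style /dev/log socket).
source s_local { unix-stream("/dev/log"); internal(); };

# The working syntax from the top of the thread: the address is a quoted
# positional argument, not ip(...). ip() belongs to a listening source.
destination iadrse { tcp("192.168.18.90" port(514)); };

log { source(s_local); destination(iadrse); };
```

The port on the client destination must match the port on the server source, and the firewall between them has to allow that TCP port from client to server.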