[syslog-ng] udp relays

Brad Arlt arlt@cpsc.ucalgary.ca
Thu, 15 Nov 2001 10:39:01 -0700


On Thu, Nov 15, 2001 at 11:05:31AM +1100, Ben Smee wrote:
> heya,
> 
> I have a number of different networks under my control and I am sure
> like many other people on this list, they are not all routable from one
> to the other. My problem is that I would like to have a central syslog
> server that all our machines log back to (yes I know there are other
> architectures I can use to get around this problem but for the moment I
> want to try to do it like this for some particular reasons). Given that
> there is no one network that can route to all others or vice versa, I am
> wondering what type of udp relays people in similar situations use. I
> should say that on each network there is in effect at least one machine
> that has visibility of another network, thus meaning you CAN get from
> one network to another so long as you authenticate to a socks/firewall
> first.
> 
> I have looked about for some good udp relays but I can't really find any.
> As far as I can tell syslog-ng doesn't support socks so I am looking for
> alternatives ...

If you can write a netcat that supports socks, that is one option.
Have syslog-ng log to the program, and it can handle socks.

I am not all that familiar with SOCKS, but since, from what you say
above, it supports UDP then it should be a simple matter to tag each
syslog-ng packet with the correct authentication.

SSH (the SSH Communications Security Inc version at least) supports
SOCKS, you could have ssh port forward from the loopback device on
each loghost.  The direction of the ssh connection I leave up to you
(there is no reason it couldn't come from your central loghost).  I
imagine OpenSSH supports SOCKS as well.  The drawback is this
would force you to use TCP, not UDP.

IPSEC or IPv6 (using the security features) could be used to create a
VPN tunnel, or at least a tunnel for your UDP traffic.  IPSEC ships
with most OSes these days (if not as feature rich as you want, it
should at least get the job done).  There is also an IPv6 tunnel
program called 6tunnel (I think that is what it's called).

The latter doesn't address your SOCKS concerns, but is frankly a
superior solution to SOCKS (strong cryptography on each packet and
content encryption).  Alas that doesn't help you if the box(es)
running SOCKS don't support IPSEC or IPv6. :)

I imagine there is something that could be done with SSL, but I hate
SSL; I have never really explored that option.  Anyone know if stunnel
or sslwrap supports SOCKS?
----------------------------------------------------------------------------
   __o		Bradley Arlt	  Email: arlt@cpsc.ucalgary.ca         o__
 _ \<_				    WWW: www.acs.ucalgary.ca/~bdarlt   _>/ _
(_)/(_)  -Eat well, sleep peacefully, drink lots, and ride like hell. (_)\(_)
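
An added example, not part of the original message: a UDP-to-TCP relay for the SSH port-forward option above, which has to re-create datagram boundaries on the TCP stream, done here as one newline-terminated record per datagram. The addresses, ports, host name and function names are assumptions, and it expects an ssh local forward already listening on 127.0.0.1:5140.

```python
import socket
import time

LISTEN_ADDR = ("0.0.0.0", 5514)     # assumed: UDP port the local hosts log to
FORWARD_ADDR = ("127.0.0.1", 5140)  # assumed: local end of a forward such as
                                    #   ssh -N -L 5140:127.0.0.1:514 loghost
MAX_DGRAM = 1024                    # RFC 3164 maximum syslog packet length
_CLEAN = bytes.maketrans(b"\r\n\x00", b"   ")

def frame(datagram: bytes) -> bytes:
    """Turn one syslog datagram into exactly one newline-terminated record.

    Embedded CR/LF/NUL become spaces, so a datagram that contains a newline
    cannot show up on the central loghost as several separate records.
    """
    body = datagram[:MAX_DGRAM].rstrip(b"\r\n\x00")
    return body.translate(_CLEAN) + b"\n"

def relay_once(udp_sock, tcp_sock) -> int:
    """Forward a single datagram; return the number of bytes written."""
    datagram, _peer = udp_sock.recvfrom(65535)
    record = frame(datagram)
    if record == b"\n":             # empty datagram: nothing worth forwarding
        return 0
    tcp_sock.sendall(record)
    return len(record)

def connect_forward(retry_delay=5.0):
    """Connect to the tunnel's local port, retrying until it is available."""
    while True:
        try:
            return socket.create_connection(FORWARD_ADDR, timeout=10)
        except OSError:
            time.sleep(retry_delay)

def main():
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(LISTEN_ADDR)
    tcp = connect_forward()
    while True:
        try:
            relay_once(udp, tcp)
        except OSError:
            # Tunnel dropped: the datagram in flight is lost, as with plain UDP.
            tcp.close()
            tcp = connect_forward()

if __name__ == "__main__":
    main()
```

The relay adds no authentication of its own; restricting who may send to the UDP port is left to the host firewall on the relay machine.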