[syslog-ng]Newbie: System inter-process communication ?

Jacques.Riopel@equant.com
Thu, 11 Apr 2002 11:29:38 -0400


Hi all.  Using syslog-ng version 1.4.15.

I'm trying to set up a network of machines all running syslog-ng in a
testbed.  Some machines run Solaris 5.8, others are Sun-Cobalts running a
flavor of Linux.  I have successfully compiled when necessary and replaced
all the syslogd with syslog-ng on my 4 test machines.  Now the hard part is
making them all talk to each other, and discovering how to set them to use
different ports and TCP vs UDP in some cases.  I have the following
questions so far:

Question 1: Is it possible to specify the UDP port to listen on, ie
something like "source s_udp { udp (666); };" and then instruct the
syslog-ng on the sending machine to use that UDP port as a destination?
When I tried the above, I got a parsing error when starting up syslog-ng.

   My whole test scenario is to have one machine called "A1" at the top
level "A",  that will listen on port 514 for syslog messages using a TCP
connection from machine "B1" at level "B".
   Machine "B1" is a syslog consolidator, that passes syslog messages to A1
over TCP(514) and receives syslogs from other machines "C1", "C2" on level
"C".  I want to try to configure machine "C1" to output to machine "B1"
using UDP(514), and at the same time have machine "C2" forward its syslogs
to machine "B1" using TCP(514).  It's possible to have many machines at
level "C" all writing to machine "B1"'s port TCP(514), right?
   For the bonus point, can someone help me with the pertinent syntax for
source, destination and log statements for my 4 machines?  My job depends
on me making this work... 8-)  (If someone can replace my generic code
below with exact code that will be parsed OK...)

Machine A1 (10.5.11.9 - Solaris 5.8)
   source s_tcp { };
   destination d_jnr { usertty("jnriopel"); };
   log { source (s_tcp); destination (d_jnr); };

Machine B1 (10.5.10.4 - Linux)
   source s_tcp { frommachineC2};
   source s_udp { frommachineC1};
   destination d_tcp { tomachineA1 };
   log { source (s_tcp, s_udp); destination (d_tcp); };

Machine C1 (10.5.2.8 - Linux)
   source src {unix stream };
   destination d_udptoB1 { udp (machineB1 };
   log { source (src); destination (d_udptoB1); };

Machine C2 (10.5.2.16 - Linux)
   source src {unix stream };
   destination d_TCPtoB1 { tcp (machineB1 };
   log { source (src); destination (d_TCPtoB1); };

Question 2: PMI, but I understand from my IP theory that I can send
messages to another machine using UDP whether that machine is listening or
not and not get errors, whereas if I want to talk using TCP, the machine I
am talking to needs to have a listen set up first, ie I need to have
syslog-ng running on A1 before I can start it on B1 otherwise B1 will
complain about not being able to set up the connection, right?  Will
messages get lost or queued while waiting for A1 to start listening?

Question 3: What is the syntax of the source and destination statements for
two machines using syslog-ng and wanting to communicate over TCP port 666,
say? (As in my link between A1 and B1 above except for the non-standard
port number.)

Jacques
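
The A1/B1/C1/C2 topology described in the post above, written out in syslog-ng 1.x configuration syntax. This is an added example, not part of the original message or a reply from the list. Each section belongs in that machine's own syslog-ng.conf; the `/dev/log` socket path on the Linux hosts and the choice to bind each listener to the host's own address are assumptions.

```conf
# Added example: addresses and statement names are taken from the post.

# --- A1 (10.5.11.9): accept TCP/514 from B1, write to a user's terminal
source s_tcp { tcp(ip(10.5.11.9) port(514)); };
destination d_jnr { usertty("jnriopel"); };
log { source(s_tcp); destination(d_jnr); };

# --- B1 (10.5.10.4): collect from C1 (UDP) and C2 (TCP), relay to A1 (TCP)
# Binding to the host address instead of 0.0.0.0 keeps the listeners off
# any other interface the consolidator may have.
source s_tcp { tcp(ip(10.5.10.4) port(514)); };
source s_udp { udp(ip(10.5.10.4) port(514)); };
destination d_tcp { tcp("10.5.11.9" port(514)); };
# Several sources are listed as separate source() references.
log { source(s_tcp); source(s_udp); destination(d_tcp); };

# --- C1 (10.5.2.8): local messages to B1 over UDP/514
source src { unix-stream("/dev/log"); internal(); };   # assumed socket path
destination d_udptoB1 { udp("10.5.10.4" port(514)); };
log { source(src); destination(d_udptoB1); };

# --- C2 (10.5.2.16): local messages to B1 over TCP/514
source src { unix-stream("/dev/log"); internal(); };   # assumed socket path
destination d_TCPtoB1 { tcp("10.5.10.4" port(514)); };
log { source(src); destination(d_TCPtoB1); };

# Non-standard port (Questions 1 and 3): the port goes in port() and must
# match on the listening and sending side, for example on the A1-B1 link:
#   A1: source s_tcp { tcp(ip(10.5.11.9) port(666)); };
#   B1: destination d_tcp { tcp("10.5.11.9" port(666)); };
```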