[syslog-ng]Trouble with using syslog-ng "source" with specific IP address and UDP ...
Balazs Scheidler
bazsi@balabit.hu
Tue, 30 Apr 2002 09:24:20 +0200
On Mon, Apr 29, 2002 at 01:24:28PM -0700, John E Spence, CISSP wrote:
> Hi;
>
> I've installed syslog-ng onto my Sun Solaris 8 machine. I'm using
> syslog-ng-1.4.15 and libol-0.2.23. Everything works well unless I try
> to setup a source statement with a specific IP address in it.
>
> This works fine:
>
> source local { sun-streams("/dev/log" door("/etc/.syslog_door"));
> internal(); };
> source nonlocalA { udp(ip(0.0.0.0) port(514)); };
> source nonlocalB { udp(ip(0.0.0.0) port(2000)); };
>
> destination local-dest { file("/var/log/messages"); };
> destination nonA-dest { file("/export/home0/syslog-ng/logA"); };
> destination nonB-dest { file("/export/home0/syslog-ng/logB"); };
>
> log { source(local); destination(local-dest); };
> log { source(nonlocalA); destination(nonA-dest); };
> log { source(nonlocalB); destination(nonB-dest); };
>
> If I add these lines .
>
> source eval1 { udp(ip(10.55.70.113) port(514)); };
> destination eval1-dest { file("/export/home0/syslog-ng/eval1"); }
> log { source(eval1); destination(eval1-dest); };
>
> .. syslog-ng fails to start and I get this message:
>
> "io.c: bind_inet_socket() bind failed 10.55.70.113:514 Cannot assign
> requested address
> Error initializing configuration, exiting."
>
> I've looked carefully at other examples and the documents, and I don't
> understand what I've done wrong. Can anyone help? Thanks very much.
The ip() and port() options of the UDP source specify the bind address and
not the address you accept messages from. To control which messages you
accept, you can either use your packet filter and/or the netmask() filter in
the 1.5.x releases.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1