[syslog-ng] Message forwarding problem
Dale Amon
amon@vnl.com
Fri, 2 Aug 2002 23:16:01 +0100
I've got the following situation:
Host A can talk to Host B
Host B can talk to Host C
Host A can NOT talk to Host C directly
Host C is the master logger
So I'm trying to set up Host B to act as a forwarder. This
"mostly" works:
HOST A:
destination mylogger { tcp(<HOST B> port(1999) localport(999)); };
filter all { level(info..err); };
log { source(src); filter(all); destination(console_all); destination(mylogger); };
HOST B:
source s_tcp { tcp(localip(<HOST B>) port(1999) max-connections(50)); };
destination mylogger { tcp(<HOST C> port(1999) localport(999)); };
filter all { level(info..err); };
log { source(s_tcp); source(src); filter(all); destination(console_all); destination(mylogger); };
HOST C:
source s_tcp { tcp(localip(<HOST C>) port(1999) max-connections(50)); };
destination logtest { file("/var/log/logtest.log" owner("root") group("adm") perm(0640)); };
filter drop1 { not match ( " session opened|closed for user root|mail") and not match ("STATS: dropped 0"); };
log { source(s_tcp); source(src); filter(drop1); destination(logtest); };
The problem is, HOST B rewrites the message source to itself, so all messages from
HOST A arriving at HOST C appear to have "occurred" on HOST B.
Is there a way to do real forwarding rather than hacking it as I did above?
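
The relay and master-logger settings that bear on the rewriting described above, as an added example that is not part of the original post. It assumes a syslog-ng version that supports the `keep_hostname()` global option; `src` and `console_all` are the poster's own objects, defined elsewhere in their configuration.

```conf
# --- HOST B (relay) ---------------------------------------------------
# Added example, not from the original post.
# Assumption: this syslog-ng version supports keep_hostname().
options {
    # Keep the HOST field already present in a received message instead
    # of replacing it with the name of the peer that delivered it.
    keep_hostname(yes);
};

source s_tcp { tcp(localip(<HOST B>) port(1999) max-connections(50)); };
destination mylogger { tcp(<HOST C> port(1999) localport(999)); };
filter all { level(info..err); };
log { source(s_tcp); source(src); filter(all); destination(console_all); destination(mylogger); };

# --- HOST C (master logger) -------------------------------------------
# HOST C only ever sees a connection from HOST B, so it needs the same
# option; otherwise it attributes every relayed message to HOST B.
options {
    keep_hostname(yes);
};

source s_tcp { tcp(localip(<HOST C>) port(1999) max-connections(50)); };
destination logtest { file("/var/log/logtest.log" owner("root") group("adm") perm(0640)); };
log { source(s_tcp); source(src); destination(logtest); };

# Caveat: with keep_hostname(yes) the HOST field is whatever the sender
# wrote, so the attribution on HOST C is only as trustworthy as the hosts
# allowed to connect to port 1999 on HOST B and HOST C. Limit those
# listeners to the expected senders (for example with packet filtering).
```

The `drop1` filter from the original HOST C configuration is left out here only to keep the fragment short; it is unaffected by the hostname setting.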