[syslog-ng]Can some servers only be allowed to chained?
Jason Haar
syslog-ng@lists.balabit.hu
Fri, 2 May 2003 09:51:48 +1200
I have a central syslog server.
destination d_messages {
template("$R_ISODATE $HOST $FACILITY $PRIORITY $MSG\n")
...
I also have some DMZes and complex firewall configs that make it not
practical (or secure) to open up incoming connections from all the syslog
clients back to the server. So instead, each of these "complex" areas has a
syslog server in it that all the others in that subnet talk to via UDP. That
one syslog server then talks to the central server via TCP - leading to one
server with all syslog records. This all works fine, but I have to
"chain_hostnames(yes)" for that to work.
What I want is the UDP source on the central server to be that it does the
PTR thing to figure out what $HOST is - i.e. "chain_hostnames(no)". For TCP
only, "chain_hostnames(yes)". Then I can use netfilter to limit who can TCP
to the server, etc.
Can that be done?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1