[syslog-ng]Can some servers only be allowed to chained?
Jason Haar
syslog-ng@lists.balabit.hu
Tue, 13 May 2003 19:33:54 +1200
Nate Campi wrote:
> On Fri, May 02, 2003 at 09:51:48AM +1200, Jason Haar wrote:
>
> Jason,
>
> You might have worked out a solution by now, but could you try to
> explain what you're trying to do here in different language?
No I haven't - so I'm more than happy to re-phrase :-)
I have an environment whereby there is a hierarchy of syslog servers.
Clients in each subnet feed to a "central subnet" syslog server, then
those subnet servers feed to the Central Syslog Server (CSS). The
reasoning is complex - but firewalls and ACL management of those
firewalls is part of the reason behind this "layering".
What I want is that each "subnet server" is talked to by it's subnet's
standard syslog clients via UDP, and that its template is such that it
ignores the hostname the client claims to be, and instead resolves that
itself.
However, the "subnet servers" talk to the CSS over TCP, and it has to
trust the hostnames given by the "subnet servers"- otherwise that would
break those "proxied" records.
The above I can do fine. The problem is that the CSS is *also* the
"subnet server" for the LAN it's on - so it needs to support UDP,etc.
So my question is: can it "trust" the hostname provided by TCP-based
syslog servers, and do a PTR lookup on the ones provided via UDP. From
what I can see in syslog-ng - it can't.
Thanks!
Jason