[syslog-ng] Questions Again :)

Olaf Hoyer ohoyer at ohoyer.de
Thu Jun 16 16:26:47 CEST 2005

On Thu, 16 Jun 2005, mrgenius wrote:

> hi All!
> I am running syslog-ng logging in mysql database with phpsyslog-ng as front
> end.
> 1) Now I have 1 problem. The devices which are sending logs don't have any
> hostnames associated with them, nor am I running any DNS server. As a result
> the listing of hosts I am getting is in the form of IP addresses of hosts.
> Is it possible to show hostname against IP addresses?? Like x.x.x.x will be
> shown as ABC-ROUTER ??
> If I define ABC-Router as x.x.x.x in /etc/hosts .. what configuration do I
> need to make in syslog-ng.conf??


Yes, enter them in the /etc/hosts on the loghost. Make sure that the
resolve order in the OS is set to hosts first, then DNS.

> 2) I want to allow only specific hosts to send logs to loghost. But when I
> tried to put IP of hosts in configuration it gave me errors.
> Starting system logger: io.c: bind_inet_socket() bind failed 61.x.x.x:514
> Cannot assign requested address
> I used following configuration
> source net {
> udp(ip(61.x.x.x) port(514) );
> udp(ip(62.x.x.x) port(514) );
> udp(ip(63.x.x.x) port(514) );
> };
> Do I have to allow this policy on firewall or does syslog-ng also support it??
> Because with only udp(); every device on internet can start sending me logs
> and my server will be under attack.
> Regards,
> -Geni

Wrong syntax: ip() tells syslog-ng where on the local system to bind
to. If the system is on a network, use firewall rules to protect your
syslog against a DoS attack.

(I don't know if syslog-ng also supports tcpwrapper, like that 
configurable with /etc/hosts.allow)
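
The split described in the reply above, as an added example that is not part of the original thread: ip() carries the loghost's own address, and the list of permitted senders lives in the firewall. It assumes a Linux loghost using iptables; the function names and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: print a corrected syslog-ng source stanza and the iptables
# rules that restrict UDP/514 to an allow-list. Nothing is applied here.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the source stanza: ip() is the loghost's OWN address to bind to.
syslog_source() {
    printf 'source net {\n    udp(ip(%s) port(514));\n};\n' "$1"
}

# Print iptables rules: accept UDP/514 from each allowed sender, drop the rest.
# usage: syslog_fw_rules LOGHOST_IP SENDER_IP...
syslog_fw_rules() {
    loghost=$1; shift
    is_ipv4 "$loghost" || { echo "bad loghost address: $loghost" >&2; return 1; }
    for sender in "$@"; do   # validate everything before printing anything
        is_ipv4 "$sender" || { echo "bad sender address: $sender" >&2; return 1; }
    done
    for sender in "$@"; do
        echo "iptables -A INPUT -p udp -s $sender -d $loghost --dport 514 -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp -d $loghost --dport 514 -j DROP"
}

# Constructed sample addresses: loghost 192.0.2.10, three permitted senders.
syslog_source 192.0.2.10
syslog_fw_rules 192.0.2.10 198.51.100.1 198.51.100.2 203.0.113.7
```

Because the rules are appended in order, the ACCEPT entries must precede the final DROP; review the printed rules before running them as root.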


