[syslog-ng] Configuring syslog-ng to broadcast

Jim Schuyler sky at red7.com
Sat Apr 22 18:39:15 CEST 2006 

Thanks so much for your reply.

1. The network is 192.168.1.* class C
2. The receiver's mask is 255.255.255.0 and he is at 192.168.1.14
3. The sender's   mask is 255.255.255.0 and he is at 192.168.1.10
4. The router is not filtering within the network - only outside routes are
filtered - and although I don't know about no ip directed-broadcast, snort
and ipfw on the receiver tell me that there are broadcasts arriving at the
receiver all the time (DHCP, for instance)
5. Syslog-ng successfully sends logs to 192.168.1.14 if I configure it using
that specific IP address, so messages are getting thru
6. netstat on the receiver shows
    udp4       0      0  *.514                  *.*
    udp46      0      0  *.514                  *.*
[I don't know why there are two entries - but it works] the receiver is a
Mac OSX machine and one enables syslogd this way ("-u" means listen on udp
port 514):
    sudo syslogd -m 0 -u

Further help would be highly appreciated.

My ultimate question is what the configuration line in syslog-ng should look
like to get it to broadcast.  Maybe this gives you enough information that
we could figure that out.  *If* syslog-ng can do broadcast, that is.

[Jim]

On 4/22/06 12:23 AM, "Kevin" <kkadow at gmail.com> wrote:

> On 4/21/06, Jim Schuyler <sky at red7.com> wrote:
>> Although I have tried to convince my client that this isn¹t exactly the best
>> idea, they want to configure syslog-ng to send logs by broadcast rather than
>> to a specific address on their subnet.
> 
> IMHO, it's not always a _bad_ idea, if you really know why you're doing it.
> 
>> (I have tried using 192.168.1.255 and 255.255.255.255 and neither seems to
>> do it, although I might not be properly configured on the other end to
>> receive broadcasts...the other end is Mac OSX and it does receive messages
>> just fine if I configure 192.168.1.14, as above.)
> 
> What's the netmask of the interface on the host receiving these logs?
> 
> Does 'netstat -nap udp' on the recieving host show *.514 as the listener?
> 
> Is the sender on the same subnet as the receiving host?  If not, does
> the router serving the receiver have "no ip directed-broadcast" or the
> equivalent setting?
> 
> Kevin
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
> 
> 


   Jim Schuyler <sky at red7.com>               red 7 communications, inc.
   San Francisco, California USA                 PGP key ID: 0x93618262
   Have a FIT! ...                            http://red7.com/fits.html

More information about the syslog-ng mailing list