[syslog-ng] Configuring syslog-ng to broadcast

Jim Schuyler sky at red7.com
Sun Apr 23 02:32:06 CEST 2006


We are rewriting an existing bit of software and porting to Debian Linux.
The old piece could use a UDP broadcast to send its logs, as well as
specifying an IP address or a resolvable name.  And they wrote custom code
to do everything.  Our approach is to use Debian packages for most things so
we don't have to go write custom code.  Vastly superior, but it means some
of the things that were totally "exposed" before are now hidden.  The
problem is that our client requires that we exactly duplicate the previous
capabilities - in this case that includes the broadcast.

Also we do not have control over the "receiving" end.  We cannot demand that
it be syslog-ng.  Any old syslog has to work.

I wish it were so.  Thank you for your suggestions.

[Jim]


On 4/22/06 9:28 AM, "Alexander Clouter" <ac56 at soas.ac.uk> wrote:

> Hi,
> 
> Jim Schuyler <sky at red7.com> [20060421 18:38:31 -0700]:
>> 
>> Although I have tried to convince my client that this isn¹t exactly the best
>> idea, they want to configure syslog-ng to send logs by broadcast rather than
>> to a specific address on their subnet.
>> 
>> Previously the configuration line we used for a specific remote syslog was:
>>    
>>     destination grouplog { udp(192.168.1.14 port(514)); };
>> 
>> Can syslog-ng actually do udp broadcast, and if so, what would be the
>> appropriate config line to cause this to happen?
>> 
>> (I have tried using 192.168.1.255 and 255.255.255.255 and neither seems to
>> do it, although I might not be properly configured on the other end to
>> receive broadcasts...the other end is Mac OSX and it does receive messages
>> just fine if I configure 192.168.1.14, as above.)
>> 
> If you look over the previous month or so worth of archive for this mailing
> list you will come across my multicast support patches.  To send stuff to a
> multicast address you don't need to do anything special, but to receive it
> syslog-ng needs a light bit of patching.
> 
> For the sort of thing you are after, it really sounds like multicasting would
> suit you far better.
> 
> Cheers
> 
> Alex
> 
>> [Jim Sky]
>> 
>> 
>> 
>> _______________________________________________
>> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>> 
>> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
> 
> 


   Jim Schuyler <sky at red7.com>               red 7 communications, inc.
   San Francisco, California USA                 PGP key ID: 0x93618262
   Have a FIT! ...                            http://red7.com/fits.html





More information about the syslog-ng mailing list