[syslog-ng] Configuring syslog-ng to broadcast

Alexander Clouter ac56 at soas.ac.uk
Sun Apr 23 09:43:31 CEST 2006


Hi,

Ahhh, legacy 'fun' :)

Jim Schuyler <sky at red7.com> [20060422 17:32:06 -0700]:
>
> We are rewriting an existing bit of software and porting to Debian Linux.
> The old piece could use a UDP broadcast to send its logs, as well as
> specifying an IP address or a resolvable name.  And they wrote custom code
> to do everything.  Our approach is to use Debian packages for most things so
> we don't have to go write custom code.  Vastly superior, but it means some
> of the things that were totally "exposed" before are now hidden.  The
> problem is that our client requires that we exactly duplicate the previous
> capabilities - in this case that includes the broadcast.
> 
If that's the case I would suggest you write a custom standalone reflector 
which takes regular unicast UDP packets, rewrites the destination and spits 
the packet back onto the wire.

This could be done with twenty lines of Perl script or C code.  syslog-ng 
would not have to be changed and you could use anything.  The reflector would 
sit on the legacy subnet, everything outside that system would be able to 
continue as it was before.

> Also we do not have control over the "receiving" end.  We cannot demand that
> it be syslog-ng.  Any old syslog has to work.
> 
In my experience it's best trying to write 'translators' to get legacy stuff to 
behave better rather than bogging down 'new' code to speak to the legacy 
stuff.  The idea is that then you only write the translator once rather than 
'n' times for each bit of 'new' software you want to speak to the legacy 
system.

> I wish it were so.  Thank you for your suggestions.
> 
If you still plan on re-writing a chunk of syslog-ng then I still suggest you 
look at my patch.  The reasoning is that you have to program syslog-ng to 
recognise that the address is a broadcast one, call a setsockopt() and then 
you can broadcast packets.  Beej[1] comes to the rescue with that one ;)

My patch had to do the same, first identify if the address is a multicast 
one, and then set some socket options (albeit for receiving).

Cheers

Alex

[1] http://beej.us/guide/bgnet/output/htmlsingle/bgnet.html#broadcast

> [Jim]
> 
> 
> On 4/22/06 9:28 AM, "Alexander Clouter" <ac56 at soas.ac.uk> wrote:
> 
> > Hi,
> > 
> > Jim Schuyler <sky at red7.com> [20060421 18:38:31 -0700]:
> >> 
> >> Although I have tried to convince my client that this isn't exactly the best
> >> idea, they want to configure syslog-ng to send logs by broadcast rather than
> >> to a specific address on their subnet.
> >> 
> >> Previously the configuration line we used for a specific remote syslog was:
> >>    
> >>     destination grouplog { udp(192.168.1.14 port(514)); };
> >> 
> >> Can syslog-ng actually do udp broadcast, and if so, what would be the
> >> appropriate config line to cause this to happen?
> >> 
> >> (I have tried using 192.168.1.255 and 255.255.255.255 and neither seems to
> >> do it, although I might not be properly configured on the other end to
> >> receive broadcasts...the other end is Mac OSX and it does receive messages
> >> just fine if I configure 192.168.1.14, as above.)
> >> 
> > If you look over the previous month or so worth of archive for this mailing
> > list you will come across my multicast support patches.  To send stuff to a
> > multicast address you don't need to do anything special, but to receive it
> > syslog-ng needs a light bit of patching.
> > 
> > For the sort of thing you are after, it really sounds like multicasting would
> > suit you far better.
> > 
> > Cheers
> > 
> > Alex
> > 
> >> [Jim Sky]
> >> 
> >> 
> >> 
> >> _______________________________________________
> >> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> >> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> >> 
> >> 
> > 
> > 
> > 
> 
> 
>    Jim Schuyler <sky at red7.com>               red 7 communications, inc.
>    San Francisco, California USA                 PGP key ID: 0x93618262
>    Have a FIT! ...                            http://red7.com/fits.html
> 
> 
> 
> 
> 

