[syslog-ng] lazy logger++
ac56 at soas.ac.uk
Sun Oct 22 01:02:55 CEST 2006
Balazs Scheidler <bazsi at balabit.hu> [20061021 21:26:38 +0200]:
> On Fri, 2006-10-20 at 17:19 +0100, Alexander Clouter wrote:
> > Hi,
> > Time to reply to my own email....
> > Alexander Clouter <ac56 at soas.ac.uk> [20061019 10:25:38 +0100]:
> > >
> > > [snipped]
> > >
> > > What I am planning on doing is having something like the following in my
> > > syslog-ng.conf file which is fantastic as to add logging groups I just add
> > > extra udp() lines to s_multicastGeneric and nothing else is needed. At the
> > > moment I would need separate source/destination/log entries per multicast
> > > group address, which is upsetting and results in a hideous configuration
> > > file.
> It took me a while to understand what you want to accomplish, and to be
> honest the only reason I understood it is that you attached a patch. :)
> The reason I did not understand your original post was that I can't
> remember all defined macro names in syslog-ng and $DESTIP in your
> configuration snippet simply did not jump out at first. :)
> In fact the patch is not that horrible :) and the idea is sane. It is
> also useful when someone has a listener bound to '0.0.0.0' and logs are
> to be put on a receiving-interface specific file.
One thing to bear in mind, I am pretty sure that using getsockname() will
only return the *binding* address, so you might actually only get '0.0.0.0'
back from a socket that's bound to 0.0.0.0. It's going to show you no more
than what you would gain looking at the 'local address' column when you run
The getsockname() method works for me as I explicitly tell syslog-ng to listen
on a particular address, I bind with 'udp(ip(188.8.131.52) port(514))', so
calling getsockname() on that socket returns '184.108.40.206'.
This is not so helpful for others unless they also type specific multiple
udp()/tcp() commands into their configuration, however getsockname() is *very*
cross platform compatible. In practice it's not a bad limitation as you would
hope the syslog-ng logging servers out there are on static IPs :)
The alternative approach is to use the Linux specific socket option
IP(V6)_PKTINFO, or for *BSD people its IP_RECVDSTADDR (for both IPv4 and
IPv6) if I am right, and then instead of calling recvfrom() you use recvmsg()
and you get a lot of UDP header information.
> Thanks for your contribution, I'll see to adding a DESTIP support, once
> I have dealt with the current blockers for 2.0.0.
Cheers, that would be great if you could.
Have a good weekend