[syslog-ng] lazy logger++

Alexander Clouter ac56 at soas.ac.uk
Sun Oct 22 01:02:55 CEST 2006


Hi,

Balazs Scheidler <bazsi at balabit.hu> [20061021 21:26:38 +0200]:
>
> On Fri, 2006-10-20 at 17:19 +0100, Alexander Clouter wrote:
> > Hi,
> > 
> > Time to reply to my own email....
> > 
> > Alexander Clouter <ac56 at soas.ac.uk> [20061019 10:25:38 +0100]:
> > >
> > > [snipped]
> > > 
> > > What I am planning on doing is having something like the following in my 
> > > syslog-ng.conf file which is fantastic as to add logging groups I just add 
> > > extra udp() lines to s_multicastGeneric and nothing else is needed.  At the 
> > > moment I would need separate source/destination/log entries per multicast 
> > > group address, which is upsetting and results in a hideous configuration 
> > > file.
> 
> It took me a while to understand what you want to accomplish, and to be
> honest the only reason I understood it is that you attached a patch. :)
> 
heh heh.

> The reason I did not understand your original post was that I can't
> remember all defined macro names in syslog-ng and $DESTIP in your
> configuration snippet simply did not jump out at first. :)
> 
> In fact the patch is not that horrible :) and the idea is sane. It is
> also useful when someone has a listener bound to '0.0.0.0' and logs are
> to be put on a receiving-interface specific file.
>
One thing to bear in mind, I am pretty sure that using getsockname() will 
only return the *binding* address, so you might actually only get '0.0.0.0' 
back from a socket that's bound to 0.0.0.0.  It's going to show you no more 
than what you would gain looking at the 'local address' column when you run
'netstat -lnut'.

The getsockname() method works for me as I explicitly tell syslog-ng to listen 
on a particular address, I bind with 'udp(ip(239.123.120.5) port(514))', so 
calling getsockname() on that socket returns '239.123.120.5'.

This is not so helpful for others unless they also type specific multiple 
udp()/tcp() commands into their configuration, however getsockname() is *very* 
cross-platform compatible.  In practice it's not a bad limitation as you would 
hope the syslog-ng logging servers out there are on static IPs :)

The alternative approach is to use the Linux-specific socket option 
IP(V6)_PKTINFO[1], or for *BSD people it's IP_RECVDSTADDR (for both IPv4 and 
IPv6) if I am right, and then instead of calling recvfrom() you use recvmsg() 
and you get a lot of UDP header information.
 
> Thanks for your contribution, I'll see to adding a DESTIP support, once
> I have dealt with the current blockers for 2.0.0.
> 
Cheers, that would be great if you could.

Have a good weekend

Alex

[1] http://groups.google.com/group/linux.kernel/msg/e5df1c1bf1fa7aea?dmode=source

> -- 
> Bazsi
> 


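The difference between the two lookups discussed in this message, as an added example that is not part of the original post or of syslog-ng: a Linux-only C sketch that binds a UDP socket to 0.0.0.0, then compares what getsockname() reports with the per-datagram destination delivered by IP_PKTINFO through recvmsg(). The function name `compare_dest_lookup` and the loopback test datagram are assumptions made for the illustration.

```c
#define _GNU_SOURCE            /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper (not syslog-ng code): binds to 0.0.0.0, sends itself one
 * constructed datagram via 127.0.0.1 and fills both buffers, which must hold
 * INET_ADDRSTRLEN bytes. Returns 0 on success, -1 on any failure. */
int compare_dest_lookup(char *bound, char *pktdst)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };   /* 0.0.0.0, port 0 */
    socklen_t slen = sizeof sa;
    struct timeval tv = { .tv_sec = 2 };                 /* never block forever */
    char data[64];
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr a; } ctl;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int on = 1, rc = -1;
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0 || tx < 0) goto out;
    if (bind(rx, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        setsockopt(rx, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0 ||
        getsockname(rx, (struct sockaddr *)&sa, &slen) < 0)
        goto out;
    inet_ntop(AF_INET, &sa.sin_addr, bound, INET_ADDRSTRLEN); /* binding address only */
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* same port, concrete address */
    if (sendto(tx, "<13>test", 8, 0, (struct sockaddr *)&sa, sizeof sa) != 8) goto out;
    if (recvmsg(rx, &mh, 0) < 0) goto out;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c)) {
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_PKTINFO) continue;
        struct in_pktinfo pi;
        memcpy(&pi, CMSG_DATA(c), sizeof pi);      /* CMSG_DATA may be unaligned */
        inet_ntop(AF_INET, &pi.ipi_addr, pktdst, INET_ADDRSTRLEN); /* header dst */
        rc = 0;
    }
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return rc;
}
```

On a wildcard-bound socket the first buffer holds 0.0.0.0 while the second holds the address the datagram was actually sent to, which is the per-packet value a destination-address macro would need.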