[syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
Balazs Scheidler
bazsi at balabit.hu
Mon Feb 19 20:23:01 CET 2007
On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
> Balazs Scheidler wrote:
> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> >
> >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> >> One is very used to the 'source' in FW/router/...'s as being the source
> >> device(s) IP from where a packet came from .
> >
> > syslog-ng is not a firewall :) this is sometimes strange to me as well,
> > being involved in firewall products as well. But putting the joke aside,
> > syslog-ng is a "syslog message pipe" processor: sources generate
> > messages, destinations serve as message sinks. Some filtering here and
> > there, that's about syslog-ng's internal structure.
> >
> > So, naming source as a source is consistent with syslog-ng itself.
>
> I think that the author of the original comment was refereing to the IP address binding
> in the source definition
>
> source network { tcp( ip(xxxx) ); };
>
> where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
> Perhaps the syntax should be
>
> source network { tcp( bind(xxxx) ); };
>
> since the bind address MUST be ip since the definition is already defined to be tcp.
>
> I think it is a little counter intuitive even within the scope of syslog-ng.
>
ip is an alias for localip(), but it's true that all examples use ip().
--
Bazsi
More information about the syslog-ng
mailing list