[syslog-ng] udp Error binding socket;

Bill Nash billn at billn.net
Thu Jan 25 18:19:10 CET 2007


I think you've implemented this incorrectly.

A 'remote source' is a sender, and your host will be a destination. In 
relative terms, syslog-ng will need a listening socket to receive the 
information, so you'll configure a source using an address that actually 
belongs to the server running syslog-ng.

For this to work, you need to declare your source to be your local device. 
Your server cannot bind 192.168.7.2 because it's the address of the remote 
machine, and it can't find a local interface with that address.

Look for, or create, a source in your syslog-ng config with this setting:
        udp(ip(0.0.0.0) port(514));

This would create a local listening socket that will receive syslog from 
*all* remote hosts, such as your firewall.  On your firewall, configure 
the logging options to send to the address of your syslog server.

[ Firewall ] ----> udp/514 ----> [Your syslog host]
192.168.7.2                         192.168.7.10

(I'm making up the 192.168.7.10 address just to fill in my examples 
below.)

So, on my log collector, I would have a source like this:
source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

The '0.0.0.0' address tells syslog-ng to use any network interface on your 
server, regardless of it's actual IP address. You can replace with the 
address of your network interface, if you prefer.

For hosts sending to the log collector, for example, another syslog-ng 
device:
destination loghost { udp("192.168.7.10" port(514)); };

Or a PIX firewall:
logging host dmz1 192.168.7.10

Or a Cisco router:
logging 192.168.7.10

Hope that helps, drop me a note if you need more info.

- billn

On Thu, 25 Jan 2007, news gonzo news gonzo wrote:

> Hello,
I have an error when I try to use a remote source 
I'm under RedHas AS3 Syslog2rc1.
my config is : 
source s_remote_fw {
        udp(ip(192.168.7.2) port(514));
};

And the error is :
Error binding socket; addr='AF_INET(192.168.7.2:514)', error='Cannot assign requested address (99)'
Error initializing source driver; source='s_remote_fw'


Thanks for your help




	

	
		
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com


More information about the syslog-ng mailing list