[syslog-ng] udp Error binding socket;

news gonzo news gonzo news_gonzo at yahoo.fr
Thu Jan 25 18:15:51 CET 2007 

Thx for your explanation very clear and relevant ;)

----- Message d'origine ----
De : Bill Nash <billn at billn.net>
À : Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Envoyé le : Jeudi, 25 Janvier 2007, 18h19mn 10s
Objet : Re: [syslog-ng] udp Error binding socket;


I think you've implemented this incorrectly.

A 'remote source' is a sender, and your host will be a destination. In 
relative terms, syslog-ng will need a listening socket to receive the 
information, so you'll configure a source using an address that actually 
belongs to the server running syslog-ng.

For this to work, you need to declare your source to be your local device. 
Your server cannot bind 192.168.7.2 because it's the address of the remote 
machine, and it can't find a local interface with that address.

Look for, or create, a source in your syslog-ng config with this setting:
        udp(ip(0.0.0.0) port(514));

This would create a local listening socket that will receive syslog from 
*all* remote hosts, such as your firewall.  On your firewall, configure 
the logging options to send to the address of your syslog server.

[ Firewall ] ----> udp/514 ----> [Your syslog host]
192.168.7.2                         192.168.7.10

(I'm making up the 192.168.7.10 address just to fill in my examples 
below.)

So, on my log collector, I would have a source like this:
source s_sys {
    file ("/proc/kmsg" log_prefix("kernel: "));
    unix-stream ("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

The '0.0.0.0' address tells syslog-ng to use any network interface on your 
server, regardless of it's actual IP address. You can replace with the 
address of your network interface, if you prefer.

For hosts sending to the log collector, for example, another syslog-ng 
device:
destination loghost { udp("192.168.7.10" port(514)); };

Or a PIX firewall:
logging host dmz1 192.168.7.10

Or a Cisco router:
logging 192.168.7.10

Hope that helps, drop me a note if you need more info.

- billn

On Thu, 25 Jan 2007, news gonzo news gonzo wrote:

> Hello,
I have an error when I try to use a remote source 
I'm under RedHas AS3 Syslog2rc1.
my config is : 
source s_remote_fw {
        udp(ip(192.168.7.2) port(514));
};

And the error is :
Error binding socket; addr='AF_INET(192.168.7.2:514)', error='Cannot assign requested address (99)'
Error initializing source driver; source='s_remote_fw'


Thanks for your help




    

    
        
___________________________________________________________________________ 
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html








	

	
		
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070125/515bea0a/attachment.html

More information about the syslog-ng mailing list