[syslog-ng] configuring different sources on the syslog-ng server

Mon Jul 19 19:39:10 CEST 2010

Hi,

Yes, because 192.168.180.179 seems not to be a real address of your 
server so syslog-ng cannot assign the requested address.
Let's see an example:
addresses of your server are the following (in this example your server 
has two network cards):
192.168.20.1 (eth0)
10.30.20.1 (eth1)
127.0.0.1 (loopback)

source apache_access{tcp(ip("192.168.20.1") flags(no-parse));

};

syslog-ng will listen only on eth0:192.168.20.1

source apache_access{tcp(ip("10.30.20.1") flags(no-parse));

};

syslog-ng will listen only on eth1:10.30.20.1

source apache_access{tcp(flags(no-parse));

};

syslog-ng will listen on all addresses of your server 
(eth0:192.168.20.1, eth1:10.30.20.1, lo:127.0.0.1)

source apache_access{tcp(ip("10.10.0.1") flags(no-parse));

};

syslog-ng cannot listen on this address, because it's not an address of 
the server, you will receive "Cannot assign requested address" error 
message.

If you have no specieal reasons to limit it, just don't give "ip()" 
option because it is not required (as Patrick wrote)

2010.07.19. 8:14 keltezéssel, Khaleelah Peerbocus írta:
>
> Still if I wanted to configure a different source on the syslog-server 
> as below    (I will eventually use filtering if I do not succeed in 
> creating another source)
>
> source apache_access{tcp(ip("192.168.180.179") flags(no-parse));
>
> };
>
> destination d_apachemssql {
>
> pipe("/tmp/apachepipe.pipe"
>
> template("INSERT INTO 
> logapache(datetime,host,program,pid,message)VALUES('$R_DATE','$HOST','$PROGRAM','$PID','$MSGONLY');\n")template-escape(yes) 
> flags(no-multi-line));
>
> };
>
> log {
>
>      source(apache_access);
>
>      destination(d_apachemssql);
>
> };
>
> I get the following error when trying to start syslog-ng
>
> Error binding socket; addr='AF_INET(192.168.180.179:3331)', 
> error='Cannot assign requested address (99)'
>
> Error initializing source driver; source='apache_access', 
> id='apache_access#0'
>
> Error initializing message pipeline;
>
> *From:* syslog-ng-bounces at lists.balabit.hu 
> [mailto:syslog-ng-bounces at lists.balabit.hu] *On Behalf Of *Patrick H.
> *Sent:* Monday, July 19, 2010 9:48 AM
> *To:* Syslog-ng users' and develops' mailing list
> *Subject:* Re: [syslog-ng] configuring different sources on the 
> syslog-ng server
>
> Firstly the "ip()" option of "tcp()" in a "source()" is not required, 
> it is optional. It specifies the IP address which syslog-ng will 
> listen on. If not provided, syslog-ng will listen on all interfaces.
> Seconly, you do not need a separate source for every client. You can 
> use filter rules to match on the client's hostname if you need to.
>
> You might want to go through the administrator's guide, it is an 
> extremely good documentation source with lots of examples. 
> http://www.balabit.com/dl/guides/syslog-ng-ose-v3.1-guide-admin-en.pdf
>
> Sent: Sunday, July 18, 2010 11:28:25 PM
> From: Khaleelah Peerbocus <systems2 at maccs.mu> <mailto:systems2 at maccs.mu>
> To: 'Syslog-ng users' and developers' mailing list' 
> <syslog-ng at lists.balabit.hu> <mailto:syslog-ng at lists.balabit.hu>
> Subject: [syslog-ng] configuring different sources on the syslog-ng 
> server
>
> Hello
>
> I would like to get some clarification on the source tag in both 
> syslog client and server.
>
> I have different clients hosting apache / weblogic
>
> My Syslog-ng Server has ip 192.x.x.x
>
> Apache (client) has ip 192.x.x.1
>
> Weblogic (client) has ip 192.x.x.2
>
> In all the clients syslog configuration files, i have added
>
> destination apacheaccesslog {
>
> tcp("192.x.x.x " port(3331));
>
> };
>
> destination weblogiclog {
>
> tcp("192.x.x.x " port(3332));
>
> };
>
> My issue is in the syslog-ng server configuration file, if i add
>
> source apache_access {tcp(ip(192.x.x.x) port(3331));
>
> };
>
> Should the ip be the server ip or the client ip (in this example, i 
> have put the syslog-ng server ip). Does the port number differentiate 
> the different sources we are receiving the log files ???
>
> logo-emailsignature.jpgKhaleelah Peerbocus -- Systems Analyst
>
> Mauritius Cargo Community Services
>
> Business Registration No.: C08077158
>
> VAT Registration No.: VAT20427044
>
> 1^st Floor, Trade and Marketing Centre, Mer Rouge
>
> Port-Louis, Mauritius
>
> Tel: +230 206 2970 - Cell: +230 498 7897 Fax: +230 216 8858
>
> Email: systems2 at maccs.mu <mailto:HDagent6 at maccs.mu> - Website: 
> http://www.maccs.mu <http://www.maccs.mu/>
>
>   
> ------------------------------------------------------------------------
>
>
>    
>   
> ______________________________________________________________________________
> Member info:https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ:http://www.campin.net/syslog-ng/faq.html
>   
>    
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>    

-- 
pzolee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100719/18629fa2/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 2176 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100719/18629fa2/attachment.jpeg 