[syslog-ng] Having hostname and sender's IP address in header

Worsham, Michael mworsham at SCIRES.COM
Tue Oct 26 05:07:08 CEST 2010


Almost. I am confused on the "set properties to preserve hostnames" and "set appropriate template" pieces. I am still rather new to this. I am just happy I got TLS encryption working and integrated TLS with Syslog4j for Weblogic support.

So I guess back to the original question, is it not possible to pass over the hostname and IP address at the same time in the header?

-- M


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Matthew Hall
Sent: Monday, October 25, 2010 10:05 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Having hostname and sender's IP address in header

Michael,

Let's say for the sake of discussion all syslogs arrive from here:

> source s_general {
>         tcp(ip(10.153.29.235) port (514) max-connections(1000) );
> };

Now you could do this:

> source s_general {
>         tcp(ip(10.153.29.235) port (514) max-connections(1000) );
> };

source s_loopback_local {
    udp(ip(127.0.0.1) port(5140));
    # set properties to preserve hostnames
};

source s_loopback_tripwire {
    udp(ip(127.0.0.1) port(5141));
    # set properties to preserve IP addresses
};

destination d_loopback_local {
    udp("127.0.0.1" port(5140));
    # set appropriate template
};

destination d_loopback_tripwire {
    udp("127.0.0.1" port(5141));
    # set appropriate template
};

log {
    source(s_general);
    destination(d_loopback_local);
    destination(d_loopback_tripwire);
    flags(final);
};

log {
    source(s_loopback_local);
    destination(***local storage log files***);
};

log {
    source(s_loopback_tripwire);
    destination(***remote relay to tripwire using d_tripwire_udp***);
};

> destination d_tripwire_udp {
>         udp("10.153.29.249" port (514));
> };

Is this description more clear?

Cheers,
Matthew.

On Mon, Oct 25, 2010 at 07:57:08PM -0400, Worsham, Michael wrote:
> Umm... what? Totally lost me there.
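One way to fill in the "set properties" and "set appropriate template" placeholders from the sketch in this thread, as an added example that is not from either poster. It assumes syslog-ng 3.x option and macro names (`keep_hostname()`, `template()`, `$SOURCEIP`); `d_local_file` and its path are hypothetical.

```conf
# Added example. s_general and d_tripwire_udp are copied from the thread;
# d_local_file and its path are assumptions.
source s_general {
    tcp(ip(10.153.29.235) port(514) max-connections(1000));
};

# Hop 1: send two copies to loopback, each with a different HOST field.
destination d_loopback_local {
    # HOST field = hostname as s_general determined it
    udp("127.0.0.1" port(5140)
        template("<$PRI>$DATE $HOST $MSGHDR$MSG\n"));
};
destination d_loopback_tripwire {
    # HOST field = peer IP address of the incoming connection
    udp("127.0.0.1" port(5141)
        template("<$PRI>$DATE $SOURCEIP $MSGHDR$MSG\n"));
};

# Hop 2: re-read the copies. keep_hostname(yes) keeps the HOST field written
# by the templates above instead of replacing it with the loopback sender.
source s_loopback_local {
    udp(ip(127.0.0.1) port(5140) keep_hostname(yes));
};
source s_loopback_tripwire {
    udp(ip(127.0.0.1) port(5141) keep_hostname(yes));
};

destination d_local_file { file("/var/log/remote.log"); };   # assumed path
destination d_tripwire_udp { udp("10.153.29.249" port(514)); };

log {
    source(s_general);
    destination(d_loopback_local);
    destination(d_loopback_tripwire);
    flags(final);
};
log { source(s_loopback_local);    destination(d_local_file); };
log { source(s_loopback_tripwire); destination(d_tripwire_udp); };
```

`$SOURCEIP` is the address syslog-ng observed for the sending peer, whereas `$HOST` can come from the sender-supplied header if `keep_hostname(yes)` is also set on `s_general`. The loopback sources stay bound to 127.0.0.1 so that `keep_hostname(yes)` only trusts headers this syslog-ng instance wrote itself.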