[syslog-ng] Syslog-no Question

Fekete, Róbert robert.fekete at balabit.com
Wed Feb 22 13:57:37 UTC 2017


Hi,

No, you can't have both listen on the same port.
Basically, the network() driver is for RFC3164-formatted messages, while
the syslog() driver is for RFC5424-formatted messages. (To complicate
things, the network() driver has a syslog-protocol flag to receive
RFC5424-formatted messages, but the on-wire format is not entirely the same
(no framing, AFAIK), so they are not compatible.)

Basically, using matching drivers between the clients and the server works best,
see
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/concepts-things-to-consider.html

To receive different types of messages on the server, it is usually best to
send the different messages to separate ports.

Regards,

Robert

On Wed, Feb 22, 2017 at 2:44 PM, 'Miah Lang' via SYSLOG-NG <
syslog-ng at balabit.com> wrote:

>
> I’m having trouble determining when you would use the network() source vs
> the syslog() source?
>
>
>
> We have logs coming in on TCP port 514 from network devices, would it be
> best to use the network() source for this? Can you set up both the network()
> and syslog() sources to listen on TCP port 514 or would that cause issues?
>
>
>
>
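
The wire-format mismatch described in the reply, as an added example that is not part of the original thread or of syslog-ng's code: two minimal stream readers, each fed the stream meant for the other, showing why one listener cannot serve both formats. It assumes the syslog() driver's TCP stream uses RFC 6587 octet-counting framing and the network() driver reads newline-terminated messages; all function names and sample messages are constructed for illustration.

```python
import re

# Constructed sample streams (not captured traffic).
# Two RFC3164-style messages, newline-terminated (assumed network() input).
LEGACY = (b"<34>Feb 22 13:57:37 fw1 su: 'su root' failed for lonvick\n"
          b"<13>Feb 22 13:57:38 sw2 link: port 7 down\n")
# Two RFC5424 messages, octet-counted: "<length> <message>", no newline
# (assumed syslog() input over TCP).
M1 = b"<34>1 2017-02-22T13:57:37Z fw1 su - ID47 - 'su root' failed"
M2 = b"<13>1 2017-02-22T13:57:38Z sw2 link - - - port 7 down"
FRAMED = b"%d %s%d %s" % (len(M1), M1, len(M2), M2)

def split_newline(stream):
    """Newline-delimited reader: every LF ends a message."""
    return [m for m in stream.split(b"\n") if m]

def split_octet_counted(stream):
    """Octet-counting reader: decimal length, space, exactly that many bytes."""
    msgs, pos = [], 0
    while pos < len(stream):
        m = re.match(rb"([1-9][0-9]{0,8}) ", stream[pos:])
        if not m:
            raise ValueError("no length prefix at offset %d" % pos)
        start = pos + m.end()
        end = start + int(m.group(1))
        if end > len(stream):
            raise ValueError("truncated frame at offset %d" % pos)
        msgs.append(stream[start:end])
        pos = end
    return msgs

def looks_rfc5424(msg):
    """Header check: PRI, then version digit '1' and a space."""
    return re.match(rb"<\d{1,3}>1 ", msg) is not None

def looks_rfc3164(msg):
    """Header check: PRI followed directly by a BSD-style timestamp."""
    return re.match(rb"<\d{1,3}>[A-Z][a-z]{2} [ \d]\d ", msg) is not None

def mismatch_report():
    """What each reader does with the stream meant for the other one."""
    merged = split_newline(FRAMED)       # framed stream into newline reader
    try:
        split_octet_counted(LEGACY)      # newline stream into framed reader
        outcome = "parsed"
    except ValueError as exc:
        outcome = "rejected: %s" % exc
    return merged, outcome
```

On a log server, the first failure mode is the one to watch for: the newline reader does not reject the framed stream, it silently merges every message into one record until a line feed happens to arrive.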