[syslog-ng] DMZ Relay Config (multiple ports)

Scot scotrn at gmail.com
Thu May 18 02:14:50 UTC 2017


I think you're looking for the disk buffer options on your destination.

https://www.balabit.com/documents/syslog-ng-pe-latest-guides/en/syslog-ng-pe-guide-admin/html/configuring-diskbuffer-normal.html

                disk-buffer(
                reliable(no) # If set to no, the normal disk-buffer will be used. This provides a faster, option
                dir("/opt/syslog-ng/buffer")
                disk-buf-size(10485760)
                mem-buf-length(100000) # number of messages stored in overflow queue
                )

On Wed, May 17, 2017 at 4:43 PM, wiskbroom at hotmail.com <
wiskbroom at hotmail.com> wrote:

> Hello!
>
>
> I am trying to build a syslog-ng.conf for a DMZ relay that will listen on
> several TCP and UDP ports, all working just great.
>
> My config essentially captures traffic, then redirects each connection
> internally from itself.
>
>
> What happens if my internal host goes down?  I am hoping to store locally
> if connectivity is down, but not sure where or how that would get defined.
>
>
> I need to keep a direct relationship between ports, as my internal
> syslog-ng treats these ports differently, so redirecting to the same as
> received is key.
>
>
> Below is my DMZ relay syslog-NG config file, any offers to make it better
> greatly appreciated.
>
>
>
> -Vadim
> -------------------------syslog-ng.conf------------------------------
> @version:3.5
> @include "scl.conf"
> @include "/etc/syslog-ng/conf.d/*.conf"
>
> options {
>     time-reap(30);
>     mark-freq(10);
>     keep-hostname(yes);
>     chain_hostnames (off);
>     flush_lines (0);
>     time_reopen (10);
>     log_fifo_size (1000);
>     use_dns (yes);
>     use_fqdn (no);
>     create_dirs (no);
> };
>
> source s_udp-relay {
>     udp(ip(0.0.0.0) port(514) so_rcvbuf(425984));
> };
>
> source s_tcp-relay-514 {
>     tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(425984)
>         log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
> };
>
> source s_tcp-relay-7514 {
>     tcp(ip(0.0.0.0) port(7514) max-connections(250) so_rcvbuf(425984)
>         log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
> };
>
> destination d_syslog_udp { udp("10.5.5.5" port(514)); };
> destination d_syslog_tcp-514 { tcp("10.5.5.5" port(514)); };
> destination d_syslog_tcp-7514 { tcp("10.5.5.5" port(7514)); };
>
> log { source(s_udp-relay); destination(d_syslog_udp); };
> log { source(s_tcp-relay-514); destination(d_syslog_tcp-514); };
> log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514); };
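Added example, not part of the original thread: the disk-buffer() block from the reply placed inside each of the relay's destinations, so every listening port still forwards to its matching internal port. The buffer values are the ones given in the reply; it assumes a syslog-ng build that supports disk-buffer() with these options and that /opt/syslog-ng/buffer already exists and is writable by syslog-ng, since the quoted config sets create_dirs(no).

```conf
# Added example: the relay's three destinations with the reply's disk-buffer().
# Each destination carries its own disk-buffer() block, so messages for
# port 514 and port 7514 are queued separately and are forwarded to the
# same port they arrived on once 10.5.5.5 is reachable again.

destination d_syslog_tcp-514 {
    tcp("10.5.5.5" port(514)
        disk-buffer(
            reliable(no)                    # normal (non-reliable) disk-buffer
            dir("/opt/syslog-ng/buffer")    # must exist: create_dirs(no) is set
            disk-buf-size(10485760)         # bytes on disk for this destination
            mem-buf-length(100000)          # messages held in the overflow queue
        )
    );
};

destination d_syslog_tcp-7514 {
    tcp("10.5.5.5" port(7514)
        disk-buffer(
            reliable(no)
            dir("/opt/syslog-ng/buffer")
            disk-buf-size(10485760)
            mem-buf-length(100000)
        )
    );
};

# UDP carries no acknowledgement from the receiver, so the relay has less
# information about whether 10.5.5.5 is down than it has on the TCP paths.
destination d_syslog_udp {
    udp("10.5.5.5" port(514)
        disk-buffer(
            reliable(no)
            dir("/opt/syslog-ng/buffer")
            disk-buf-size(10485760)
            mem-buf-length(100000)
        )
    );
};

# The log paths from the quoted config stay unchanged.
log { source(s_udp-relay);      destination(d_syslog_udp); };
log { source(s_tcp-relay-514);  destination(d_syslog_tcp-514); };
log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514); };
```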