[syslog-ng] DMZ Relay Config (multiple ports)
Fekete, Róbert
robert.fekete at balabit.com
Thu May 18 06:38:40 UTC 2017
Hi Vadim,
according to your configuration, you are using syslog-ng version 3.5. Note
that the disk-buffer feature is available from 3.9. You can find recent
packages for various platforms here:
https://syslog-ng.org/3rd-party-binaries/
HTH,
Robert
On Thu, May 18, 2017 at 4:14 AM, Scot <scotrn at gmail.com> wrote:
> I think you're looking for the disk buffer options on your destination.
>
> https://www.balabit.com/documents/syslog-ng-pe-latest-guides/en/syslog-ng-pe-guide-admin/html/configuring-diskbuffer-normal.html
>
> disk-buffer(
>     reliable(no)              # If set to no, the normal disk-buffer will be used. This provides a faster, option
>     dir("/opt/syslog-ng/buffer")
>     disk-buf-size(10485760)
>     mem-buf-length(100000)    # number of messages stored in overflow queue
> )
>
> On Wed, May 17, 2017 at 4:43 PM, wiskbroom at hotmail.com <wiskbroom at hotmail.com> wrote:
>
>> Hello!
>>
>>
>> I am trying to build a syslog-ng.conf for a DMZ relay that will listen on
>> several TCP and UDP ports, all working just great.
>>
>> My config essentially captures traffic, then redirects each connection
>> internally from itself.
>>
>>
>> What happens if my internal host goes down? I am hoping to store locally
>> if connectivity is down, but not sure where or how that would get defined.
>>
>>
>> I need to keep a direct relationship between ports, as my internal
>> syslog-ng treats these ports differently, so redirecting to the same as
>> received is key.
>>
>>
>> Below is my DMZ relay syslog-NG config file, any offers to make it better
>> greatly appreciated.
>>
>>
>>
>> -Vadim
>> -------------------------syslog-ng.conf------------------------------
>>
>> @version:3.5
>> @include "scl.conf"
>> @include "/etc/syslog-ng/conf.d/*.conf"
>>
>> options {
>>     time-reap(30);
>>     mark-freq(10);
>>     keep-hostname(yes);
>>     chain_hostnames (off);
>>     flush_lines (0);
>>     time_reopen (10);
>>     log_fifo_size (1000);
>>     use_dns (yes);
>>     use_fqdn (no);
>>     create_dirs (no);
>> };
>>
>> source s_udp-relay {
>>     udp(ip(0.0.0.0) port(514) so_rcvbuf(425984));
>> };
>>
>> source s_tcp-relay-514 {
>>     tcp(ip(0.0.0.0) port(514) max-connections(250) so_rcvbuf(425984)
>>         log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
>> };
>>
>> source s_tcp-relay-7514 {
>>     tcp(ip(0.0.0.0) port(7514) max-connections(250) so_rcvbuf(425984)
>>         log_iw_size(25000) so_keepalive(yes) log_fetch_limit(100));
>> };
>>
>> destination d_syslog_udp { udp("10.5.5.5" port(514)); };
>> destination d_syslog_tcp-514 { tcp("10.5.5.5" port(514)); };
>> destination d_syslog_tcp-7514 { tcp("10.5.5.5" port(7514)); };
>>
>> log { source(s_udp-relay); destination(d_syslog_udp); };
>> log { source(s_tcp-relay-514); destination(d_syslog_tcp-514); };
>> log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514); };
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
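An added example, not part of the original thread and not the syslog-ng project's own configuration: the relay from the question with the disk-buffer() block from Scot's reply attached to each TCP destination, so each port keeps its own queue while 10.5.5.5 is unreachable. It assumes syslog-ng 3.9 or later (per Robert's note) and a hypothetical buffer directory, /var/lib/syslog-ng/buffer.

```conf
@version: 3.9
# Added example. Listeners, ports and the 10.5.5.5 target come from the
# config posted in the thread; the buffer path below is an assumption.
# The directory must already exist. It holds raw log data from the DMZ,
# so keep it readable and writable by the syslog-ng user only.

options {
    keep-hostname(yes);
    time-reopen(10);        # retry the internal host every 10 seconds
};

source s_udp-relay      { udp(ip(0.0.0.0) port(514) so_rcvbuf(425984)); };
source s_tcp-relay-514  { tcp(ip(0.0.0.0) port(514) max-connections(250) so_keepalive(yes)); };
source s_tcp-relay-7514 { tcp(ip(0.0.0.0) port(7514) max-connections(250) so_keepalive(yes)); };

# UDP is connectionless, so the relay generally cannot tell that the
# internal host is down. Buffering is shown on the TCP destinations only.
destination d_syslog_udp { udp("10.5.5.5" port(514)); };

# Each destination gets its own disk-buffer() and therefore its own queue,
# which preserves the one-to-one port mapping from the question.
destination d_syslog_tcp-514 {
    tcp("10.5.5.5" port(514)
        disk-buffer(
            reliable(no)                        # normal (faster) disk-buffer
            dir("/var/lib/syslog-ng/buffer")    # assumed path
            disk-buf-size(10485760)             # 10 MiB on disk per destination
            mem-buf-length(100000)              # messages held in the overflow queue
        )
    );
};

destination d_syslog_tcp-7514 {
    tcp("10.5.5.5" port(7514)
        disk-buffer(
            reliable(no)
            dir("/var/lib/syslog-ng/buffer")    # assumed path
            disk-buf-size(10485760)
            mem-buf-length(100000)
        )
    );
};

log { source(s_udp-relay);      destination(d_syslog_udp); };
log { source(s_tcp-relay-514);  destination(d_syslog_tcp-514); };
log { source(s_tcp-relay-7514); destination(d_syslog_tcp-7514); };
```

Running `syslog-ng --syntax-only` against the file checks it before a reload. Size disk-buf-size() for the longest outage the relay is expected to ride out, since messages beyond the disk and overflow queues are dropped.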