[syslog-ng] Polling additional machines
dan at newideatest.site
Sat Jan 23 06:16:50 UTC 2021
I have an interesting setup that was proposed to me, and while I _THINK_
syslog-ng can handle it I don't know for sure, let alone HOW.
There are multiple service-specific machines in the network, behind the
firewall. I'll just use the services they provide as their hostnames in
this example. So firewall fw is a small Linux machine running syslog-ng
and fail2ban. Now fail2ban works off of the log files, but it also wants
to apply changes to the firewall rules locally. So either www has its
firewall rules while smtp has its rules and imap has a third set (ugly)
or fail2ban can run on fw and modify the rules there. Trick is, in order
to do that, all the logs have to be accessible in real time so that
fail2ban can see them. My thought was to have syslog-ng on each sub
machine somehow report to the syslog-ng on fw. Then fw's syslog-ng can
write the files that fail2ban wants to read from.
What would be the best way to go about this? I am still learning
syslog-ng so if this is something simple, I'm sorry.
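The setup described in the post above, sketched as syslog-ng configuration fragments. This is an added example, not part of the original post or a reply from the list; the source name s_src, TCP port 514, and the /var/log/remote path layout are assumptions.

```conf
# Fragments to merge into an existing syslog-ng.conf (no @version line here).

# === On each service machine (www, smtp, imap) ===
# Forward everything the local source collects to fw over TCP.
# Assumption: the local source is named s_src; use the name your
# syslog-ng.conf already defines.
destination d_fw {
    network("fw" port(514) transport("tcp"));
};
log { source(s_src); destination(d_fw); };

# === On fw ===
# Listen for the forwarded messages. 0.0.0.0 is a stand-in: bind to the
# internal interface address so the listener is not reachable from outside.
source s_net {
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# One file per sending host and program, so each fail2ban jail can point
# its logpath at a predictable file, for example
# /var/log/remote/smtp/postfix.log (constructed path).
destination d_remote {
    file("/var/log/remote/${HOST}/${PROGRAM}.log" create-dirs(yes));
};
log { source(s_net); destination(d_remote); };
```

Because fail2ban on fw bans whatever address its filters extract from these files, the listener on fw should accept connections only from the service machines.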