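I want to set up syslog-ng between a host on my LAN and a host in my DMZ, but I can't quite figure out the configuration. The stunnel configuration appears to be correct. If I shut down syslog on both machines, I can run nc -l 5140 on dmzhost and connect through the tunnel from the LAN side using telnet. Text typed on either connection is echoed on both machines.
When I start syslog-ng on either machine, I get errors about the address already being in use and connection refused (111). I've read that stunnel needs to be started before syslog-ng, but that doesn't seem to matter, since it fails either way. I've tried to clarify with the configuration below. Any ideas?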
LAN log server (stunnel)

    # /etc/stunnel/dmz.conf
    client = yes
    cert = /etc/stunnel/dmz/stunnel.pem
    pid = /var/run/stunnel4/dmz.pid

    [lan]
    # connect port 55514 on the remote end to LAN localhost on port 5140
    connect = dmzhost.ip.addr:55514
    accept = 127.0.0.1:5140

LAN syslog-ng configuration

    # /etc/syslog-ng/syslog-ng.conf
    # dump data from port 5140 to syslog-ng on the LAN host
    source s_dmzhost { tcp(ip("127.0.0.1") port(5140) max-connections(10)); };
    destination d_dmzhost {
        file("/var/log/dmzhost.log"
             template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
             template_escape(no));
    };
    log { source(s_dmzhost); destination(d_dmzhost); };

LAN errors

    # /etc/init.d/syslog-ng start
     * Starting system logging syslog-ng
    Error binding socket; addr='AF_INET(127.0.0.1:5140)', error='Address already in use (98)'
    Error initializing source driver; source='s_dmzhost', id='s_dmzhost#0'
    Error initializing message pipeline;

DMZ host web server (stunnel)

    # /etc/stunnel/dmzhost.conf
    cert = /etc/stunnel/dmzhost/stunnel.pem
    pid = /var/run/stunnel4/dmzhost.pid

    [syslog]
    cert = /etc/stunnel/dmzhost/stunnel.pem
    accept = 0.0.0.0:55514
    connect = 127.0.0.1:5140

DMZ host syslog-ng

    # /etc/syslog-ng/syslog-ng.conf
    source s_src { system(); internal(); };
    destination my_stunnel { tcp("127.0.0.1" port(5140)); };
    log { source(s_src); destination(my_stunnel); };

DMZ host errors

    # /etc/init.d/syslog-ng start
    Jul 27 15:30:16 dmzhost syslog-ng[15456]: Syslog connection failed; \
        fd='12', server='AF_INET(127.0.0.1:5140)', error='Connection refused (111)', time_reopen='60'
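
Added example, not part of the original question: a small checker that reads the socket-defining lines of the four configs above and reports, per host, which port has two daemons binding it (error 98) and which loopback port is dialed with nothing listening (error 111). The `CONFIGS` layout, the `lan`/`dmz` labels and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

LOCAL = {"127.0.0.1", "localhost", ""}  # a bare port in stunnel's connect means localhost

# Socket-defining lines copied from the configs in the question; the dict
# layout and the "lan"/"dmz" labels are assumptions of this example.
CONFIGS = {
    "lan": ("accept = 127.0.0.1:5140\nconnect = dmzhost.ip.addr:55514\n",
            'source s_dmzhost {tcp(ip("127.0.0.1") port(5140) max-connections(10));};'),
    "dmz": ("accept = 0.0.0.0:55514\nconnect = 127.0.0.1:5140\n",
            'destination my_stunnel {tcp("127.0.0.1" port(5140));};'),
}

def sockets(stunnel_conf, syslog_conf):
    """Return (listeners, dialers): port -> daemons that bind / connect locally."""
    listeners, dialers = defaultdict(list), defaultdict(list)
    # stunnel: "accept = [host:]port" binds, "connect = [host:]port" dials
    for key, host, port in re.findall(
            r"^\s*(accept|connect)\s*=\s*(?:(\S+):)?(\d+)\s*$", stunnel_conf, re.M):
        if key == "accept":
            listeners[int(port)].append("stunnel")
        elif host in LOCAL:
            dialers[int(port)].append("stunnel")
    # syslog-ng: a tcp() source binds, a tcp() destination dials
    for kind, body in re.findall(
            r"(source|destination)\s+\w+\s*\{(.*?)\};", syslog_conf, re.S):
        m = re.search(r'tcp\(.*?"([^"]+)".*?port\((\d+)\)', body, re.S)
        if not m:
            continue
        if kind == "source":
            listeners[int(m.group(2))].append("syslog-ng")
        elif m.group(1) in LOCAL:
            dialers[int(m.group(2))].append("syslog-ng")
    return listeners, dialers

def check(host):
    """Predict the startup errors on one host from its two configs."""
    listeners, dialers = sockets(*CONFIGS[host])
    findings = []
    for port, who in sorted(listeners.items()):
        if len(who) > 1:   # second daemon to start: 'Address already in use (98)'
            findings.append(("EADDRINUSE", port, who))
    for port, who in sorted(dialers.items()):
        if port not in listeners:   # nothing bound: 'Connection refused (111)'
            findings.append(("ECONNREFUSED", port, who))
    return findings

if __name__ == "__main__":
    for host in CONFIGS:
        print(host, check(host))
```

The DMZ finding lists stunnel as well as syslog-ng: its `connect = 127.0.0.1:5140` target is only served while something like the `nc -l 5140` from the test is listening there.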