How can I separate logs based on source IP or hostname behind NAT using syslog-ng? -

-

i create centralized logging using syslog-ng. have cover multiple offices 1-2 public ips , multiple other servers/devices running "in cloud".

just cloud servers working ok, when want collect logs different devices in office loosing hostname / source ip info of devices. got external public ip.

the syslog-ng version 3.5.3 running on ubuntu 14.04 machine (in cloud public ip address).

my non default config file following /etc/syslog-ng/conf.d/logserver.conf :

source s_network_udp { syslog(ip(<syslog_server_public_ip>) transport("udp") keep-hostname(yes)); }; source s_network_tcp { tcp(ip(<syslog_server_public_ip>) port(514) keep-hostname(yes)); };   destination d_netlog { file("/var/log/remote/${host}.log"); };  log { source(s_network_udp); destination(d_netlog);}; log { source(s_network_tcp); destination(d_netlog);};

every public server have own $hostname.log file, office devices got 1 big public_ip_of_office.log file.

the syslog-ng.conf file has default configs. not sure nat-ing causing issues or not. not use relay feature, have 1 syslog-ng server.

any great.

nat hide source ips. not syslog-ng / syslog issue.

you can use keep-hostname(). suggest use not.

if allow me, suggest hint improve setup:

  • implement syslog-ng relay natboxes
  • use ietf syslog protocol instead legacy bsdlog, @ least between relay , target server
  • if implemented relays, not use keep-hostname on relays! that's final chance check @ least source ip of sender.

with kind of setup, relay see real sourceip, , can add several metadata items in sdata part of ietf protocol, eg. sourceip.


Comments

Post a Comment

Popular posts from this blog

javascript - Chart.js (Radar Chart) different scaleLineColor for each scaleLine -

-
Image
i try , create radar chart using chart.js has various colours each scaleline, or coloured between scalelines. wondering if possible? from: to: i have working graph, though there doesn't seem method change individual scale lines. kind regards leigh you can extend radar chart type this, so chart.types.radar.extend({ name: "radaralt", initialize: function (data) { chart.types.radar.prototype.initialize.apply(this, arguments); var originalscaledraw = this.scale.draw; var ctx = this.chart.ctx; this.scale.draw = function () { var linewidth = this.linewidth; // bypasses line drawing in originalscaledraw this.linewidth = linewidth; originalscaledraw.apply(this, arguments); ctx.linewidth = this.linewidth; var scale = this; // draw chart.helpers.each(scale.ylabels, function (label, index) { // color of ...
Read more

apache - Error with PHP mail(): Multiple or malformed newlines found in additional_header -

-
suddenly have started receiving above error without changes having been made script. host 1and1 (i know...) the script still works fine on different server, , suspicion there must have been server config change has lead this, although hosts plead ignorance. there's no information on above error @ in google can find - have ideas? server running apache if helps. had similar problem. came out of blue. no php code changed. what changed: php upgraded 5.5.25-1 5.5.26. a security risk in php mail() function has been fixed , newlines in additional_headers allowed no more. because newlines mean: starts email message (and surely don't want inject newlines through headers followed evil message). what have worked fine, e.g. having newlines after headers or passing whole message additional_headers , function no more. solution : sanitize headers. no multiple newlines in additional_headers argument. these count "multiple or malformed newlines":...
Read more

java - Android – MapFragment overlay button shadow, just like MyLocation button -

-
Image
i'm struggling add shadow custom overlay button on google map. goal make custom button google's mylocation button. here's how app looks now: layout.xml <relativelayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" xmlns:map="http://schemas.android.com/apk/res-auto" android:layout_height="match_parent" android:layout_width="match_parent" style="@style/apptheme"> <fragment android:layout_width="match_parent" android:layout_height="match_parent" android:id="@+id/map" tools:context=".mapsactivity" android:name="com.google.android.gms.maps.supportmapfragment" android:layout_alignparentend="true" android:layout_alignparentstart="true" android:layout_alignparentbottom="true" ...
Read more