• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Syslog Server and Clients

I have installed Syslog-ng on a OpenBSD 3.4 Server. working.....
But i have one little problem:
My Syslog Server is in a Server room, 100 miles away from home
I have 2 OpenBSD Servers at home. Both servers are logging on the Syslog Server.
But i cannot find how to sepperate those two server. cause on the syslog server the host says both: home.domain.com
but one server has a hostname gw01.domain.com
and the other one gw02.domain.com
home.domain.com is the outside address of my dsl...

How can i tell the syslog-server that he must keep the local-hostname of the servers, not the outside addresses...
0
ColinWebdesign
Asked:
ColinWebdesign
  • 2
  • 2
1 Solution
 
gheistCommented:
you cannot, syslog records address it received message from
that is the limitation of NAT technology
0
 
ColinWebdesignAuthor Commented:
to bad :(
0
 
sunnycoderCommented:
Hi ColinWebdesign,

gheist is right in saying that you can't. However, it might still be possible to differentiate between the messages from these servers. To achieve this, you will have to modify the syslog server on atleast one machine to prefix an identifier/string to all messages that it logs.

It is a bit more work than simply modifying a configuration file but should not be too difficult/time consuming and is definitely a possibility. However, bear in mind that the modification is non-standard behavior and will serve in your specific scenario.

cheers
sunnycoder
0
 
gheistCommented:
given limitation that all config is done _only_ on syslog server, your answer is completely wrong.
otherwise there should be mention of IPSEC from me.
0
 
sunnycoderCommented:
Hi gheist,

I could not see any such limitation stated in the question. I beleive that since messages are being forwarded to the syslog server, appropriate configuration would have been done on all three machines!! Moreover,  the solution does not involve a change in the configuration.

Whatever the limitations of the solution, they have been very clearly outlined in my post. I do not see why you need to mention IPSEC in this scenario.

Simple thing is that at some point syslogd process on the home machines is writing the log string to a file/socket descriptor. All asker has to do is prefix a differntiating string to the logged message at that point.

An alternate mechanism will be to run a wrapper process on the home machine to listen to all log messages, prefix identifying string and then pass the message on to syslogd process. More work, but more portable too !!

Not as easy as changing a variable in config file and restarting the daemon but atleast a solution - tad bit better than impossible. ;-)

cheers!
sunnycoder
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now