Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: mrgarris0n <gergely.karacsonyi@gmail.com>
1 parent
1e19ebc
commit 089f446
Showing 2 changed files with 77 additions and 83 deletions.
81 changes: 0 additions & 81 deletions
...de/002_Configuring_syslog-ng_relays/000_Configuring_syslog-ng_on_relay_hosts.md
This file was deleted.
79 changes: 77 additions & 2 deletions
doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,81 @@ | ||
--- | ||
title: Configuring {{ site.product.short_name }} relays | ||
id: adm-qs-conf | ||
id: adm-qs-relay-conf | ||
description: >- | ||
This chapter describes how to configure {{ site.product.short_name }} as a relay. | ||
This section describes how to configure {{ site.product.short_name }} as a relay. | ||
--- | ||
|
||
To configure {{ site.product.short_name }} as a relay, complete the following steps: | ||
|
||
1. Install the {{ site.product.short_name }} application on the host. For details on | ||
installing {{ site.product.short_name }} on specific operating systems, see | ||
Installing syslog-ng. | ||
2. Configure the network sources that collect the log messages sent by | ||
the clients. | ||
|
||
3. Create a network destination that points to the {{ site.product.short_name }} server. | ||
|
||
4. Create a log statement connecting the network sources to the | ||
{{ site.product.short_name }} server. | ||
|
||
5. Configure the local sources that collect the log messages of the | ||
relay host. | ||
|
||
6. Create a log statement connecting the local sources to the syslog-ng | ||
server. | ||
|
||
7. Enable the keep-hostname() and disable the chain-hostnames() | ||
options. (For details on how these options work, see | ||
chain-hostnames() | ||
|
||
**NOTE:** It is recommended to use these options on your {{ site.product.short_name }} | ||
server as well. | ||
{: .notice--info} | ||
|
||
8. Set filters and options (for example, TLS encryption) as necessary. | ||
|
||
**NOTE:** By default, the {{ site.product.short_name }} server will treat the relayed | ||
messages as if they were created by the relay host, not the host | ||
that originally sent them to the relay. In order to use the original | ||
hostname on the {{ site.product.short_name }} server, use the **keep-hostname(yes)** | ||
option both on the {{ site.product.short_name }} relay and the {{ site.product.short_name }} server. This | ||
option can be set individually for every source if needed. | ||
{: .notice--info} | ||
|
||
If you are relaying log messages and want to resolve IP addresses to | ||
hostnames, configure the first relay to do the name resolution. | ||
|
||
Example: A simple configuration for relays | ||
|
||
The following is a simple configuration file that collects local and | ||
incoming log messages and forwards them to a logserver using the | ||
IETF-syslog protocol. | ||
|
||
```config | ||
@version: 3.38 | ||
@include "scl.conf" | ||
options { | ||
time-reap(30); | ||
mark-freq(10); | ||
keep-hostname(yes); | ||
chain-hostnames(no); | ||
}; | ||
source s_local { | ||
system(); internal(); | ||
}; | ||
source s_network { | ||
syslog(transport(tcp)); | ||
}; | ||
destination d_syslog_tcp { | ||
syslog("192.168.1.5" transport("tcp") port(2010)); | ||
}; | ||
log { | ||
source(s_local); source(s_network); | ||
destination(d_syslog_tcp); | ||
}; | ||
``` |
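
Review bot: In step 7 the parenthetical "(For details on how these options work, see chain-hostnames()" is never closed and names only one of the two options the step tells the reader to set, so the sentence ends in a dangling reference; close it and cover both, for example "see keep-hostname() and chain-hostnames().)". Step 6 writes "syslog-ng server" literally where the other steps use {{ site.product.short_name }}, which should be made consistent. In the example, s_network accepts syslog(transport(tcp)) and d_syslog_tcp forwards with transport("tcp"), so relayed messages travel unencrypted and unauthenticated while keep-hostname(yes) preserves whatever hostname the sender wrote into the message; because step 8 mentions TLS only as an optional extra, consider a sentence next to the example that points readers to the TLS settings for relays reachable from networks they do not fully control.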