syslog-ng Open Source Edition 3.33

syslog-ng Open Source Edition 3.33 - Release Notes

Supported platforms New Features Resolved Issues Known Issues Product Licensing Upgrade and Installation Instructions More resources

Example use case: using the $DESTIP, the $DESTPORT, and the $PROTO macros

This section describes scenarios when One Identity recommends using the $DESTIP, the $DESTPORT, and the $PROTO macros.

Using the $DESTIP, the $DESTPORT, and the $PROTO macros is relevant when multiple sources are configured to receive messages on the syslog-ng OSE side. In this case, the hostname and IP address on the sender's side and the syslog-ng OSE side is the same, and at a later point in the pipeline, syslog-ng OSE can not by default specify which source received the message. The $DESTIP, the $DESTPORT, and the $PROTO macros solve this issue by specifying the local IP address and local port of the original message source, and the protocol used on the original message source on the syslog-ng OSE side.

When to use the $DESTIP, the $DESTPORT, and the $PROTO macros

One Identity recommends using the $DESTIP, the $DESTPORT, and the $PROTO macros in either of the following scenarios:

Your appliance sends out log messages through both UDP and TCP.
The format of the UDP log messages and the TCP log messages is different, and instead of using complex filters, you want to capture either of them, preferably with the simplest possible filter.
The IP addresses on the sender's side and the syslog-ng OSE side are the same, therefore the netmask() option doesn't work in your configuration.
The hostnames on the sender's side and the syslog-ng OSE side are the same, therefore the host() option doesn't work in your configuration.

Macros: $DESTIP, $DESTPORT, and $PROTO

To solve either of the challenges listed previously, syslog-ng Open Source Edition (syslog-ng OSE) supports the following macros that you can include in your configuration:

Configuration and output

The following configuration example illustrates how you can use the $DESTIP, the $DESTPORT, and the $PROTO macros in your syslog-ng OSE configuration.

Example: using the $DESTIP, the $DESTPORT, and the $PROTO macros in your configuration

The $DESTIP, the $DESTPORT, and the $PROTO macros in your syslog-ng OSE configuration:

log{ 
  source{ 
    network(localip(10.12.15.215) port(5555) transport(udp)); 
  };

destination { 
  file("/dev/stdout" template("destip=$DESTIP destport=$DESTPORT proto=$PROTO\n")); 
  };
};

With these configuration settings, the macros will specify the local IP, the local port, and the protocol information of the source from which the message originates as follows:

destip=10.12.15.215 destport=5555 proto=17

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem