我想通过隧道在我的 LAN 上的主机和 DMZ 中的主机之间设置 syslog-ng,但不太清楚配置。隧道配置似乎是正确的。如果我在两台机器上都关闭 syslog,我就可以nc -l 5140在 dmzhost 上运行,并使用 telnet 从 LAN 端通过隧道进行连接。在任一连接上输入文本都会在两台机器上回显。
当我在任意一台机器上启动 syslog-ng 时,我收到以下错误:地址已被使用和连接被拒绝(111)。我读到 stunnel 需要在 syslog-ng 之前启动,但这似乎无关紧要,因为无论哪种方式都会失败。我试图用下面的配置来澄清。有什么想法吗?
LAN 日志服务器 (stunnel)
# /etc/stunnel/dmz.conf
client = yes
cert = /etc/stunnel/dmz/stunnel.pem
pid = /var/run/stunnel4/dmz.pid
[lan]
# connect port 55514 on the remote end to LAN localhost on port 5140
connect = dmzhost.ip.addr:55514
accept = 127.0.0.1:5140
LAN syslog-ng 配置
# /etc/syslog-ng/syslog-ng.conf
# dump data from port 5140 to syslog-ng on the LAN host
source s_dmzhost {tcp(ip("127.0.0.1") port(5140) max-connections(10));};
destination d_dmzhost {
file("/var/log/dmzhost.log"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no));
};
log {source(s_dmzhost); destination(d_dmzhost);};
LAN 错误
# /etc/init.d/syslog-ng start
* Starting system logging syslog-ng
Error binding socket; addr='AF_INET(127.0.0.1:5140)', error='Address already in use (98)'
Error initializing source driver; source='s_dmzhost', id='s_dmzhost#0'
Error initializing message pipeline;
DMZ 主机 Web 服务器 (stunnel)
# /etc/stunnel/dmzhost.conf
cert = /etc/stunnel/dmzhost/stunnel.pem
pid = /var/run/stunnel4/dmzhost.pid
[syslog]
cert = /etc/stunnel/dmzhost/stunnel.pem
accept = 0.0.0.0:55514
connect = 127.0.0.1:5140
DMZ 主机 syslog-ng
# /etc/syslog-ng/syslog-ng.conf
source s_src {
system();
internal();
};
destination my_stunnel {tcp("127.0.0.1" port(5140));};
log {source(s_src); destination(my_stunnel);};
DMZ 主机错误
# /etc/init.d/syslog-ng start
Jul 27 15:30:16 dmzhost syslog-ng[15456]: Syslog connection failed; \
fd='12', server='AF_INET(127.0.0.1:5140)', error='Connection refused (111)', time_reopen='60'