两个主机之间的 Syslog-ng 和 Stunnel(连接被拒绝)

两个主机之间的 Syslog-ng 和 Stunnel(连接被拒绝)

我想通过隧道在我的 LAN 上的主机和 DMZ 中的主机之间设置 syslog-ng,但不太清楚配置。隧道配置似乎是正确的。如果我在两台机器上都关闭 syslog,我就可以nc -l 5140在 dmzhost 上运行,并使用 telnet 从 LAN 端通过隧道进行连接。在任一连接上输入文本都会在两台机器上回显。

当我在任意一台机器上启动 syslog-ng 时,我收到以下错误:地址已被使用连接被拒绝(111)。我读到 stunnel 需要在 syslog-ng 之前启动,但这似乎无关紧要,因为无论哪种方式都会失败。我试图用下面的配置来澄清。有什么想法吗?

LAN 日志服务器 (stunnel)

# /etc/stunnel/dmz.conf
client  = yes
cert    = /etc/stunnel/dmz/stunnel.pem
pid     = /var/run/stunnel4/dmz.pid

[lan]
# connect port 55514 on the remote end to LAN localhost on port 5140
connect = dmzhost.ip.addr:55514
accept  = 127.0.0.1:5140

LAN syslog-ng 配置

# /etc/syslog-ng/syslog-ng.conf
# dump data from port 5140 to syslog-ng on the LAN host
source s_dmzhost {tcp(ip("127.0.0.1") port(5140) max-connections(10));};

destination d_dmzhost {
   file("/var/log/dmzhost.log"
   template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
   template_escape(no));
};

log {source(s_dmzhost); destination(d_dmzhost);};

LAN 错误

# /etc/init.d/syslog-ng start
 * Starting system logging syslog-ng 
Error binding socket; addr='AF_INET(127.0.0.1:5140)', error='Address already in use (98)'
Error initializing source driver; source='s_dmzhost', id='s_dmzhost#0'
Error initializing message pipeline;

DMZ 主机 Web 服务器 (stunnel)

# /etc/stunnel/dmzhost.conf 
cert    = /etc/stunnel/dmzhost/stunnel.pem
pid     = /var/run/stunnel4/dmzhost.pid

[syslog]
cert    = /etc/stunnel/dmzhost/stunnel.pem
accept  = 0.0.0.0:55514
connect = 127.0.0.1:5140

DMZ 主机 syslog-ng

# /etc/syslog-ng/syslog-ng.conf
source s_src {
       system();
       internal();
};

destination my_stunnel {tcp("127.0.0.1" port(5140));};
log {source(s_src); destination(my_stunnel);};

DMZ 主机错误

# /etc/init.d/syslog-ng start
Jul 27 15:30:16 dmzhost syslog-ng[15456]: Syslog connection failed; \
fd='12', server='AF_INET(127.0.0.1:5140)', error='Connection refused (111)', time_reopen='60'

相关内容