On Wed, 14 Mar 2012, Rainer Gerhards wrote:
Hi all,
I am going to make a change that permits to use a real IP address vs.
127.0.0.2. However, I am not exactly sure which is the best way to proceed. I
have blogged about the topic:
http://blog.gerhards.net/2012/03/signifying-local-host-ip-in-rsyslog.html
Feedback is highly appreciated and will be used to guide the final decision.
I read the blog post, but I still don't understand what you are trying to
accomplish with this.
There frequently isn't a single local address (even in IPv4, and IPv6 adds
link local addresses at the very least, and possibly many others). I have
production rsyslog servers with 22 interfaces in them for example.
Add in failover, bonding, vlans, etc and things can get really messy.
In linux at least, you (the application) have no way of knowing what
interface a packet actually arrived at.
as proof of this, take two boxes, configure two interfaces on them (say
192.168.2.x and 192.168.3.x and then cross-connect the interfaces (wire
from 192.168.2.x on one box to 192.168.3.x on the other), you will find
that the two boxes can continue to communicate just fine (unless you put
in firewall rules to prevent it.
In Linux the IP address belongs to a box, not to a particular interface,
at least as far as receiving packets are concerned. This is how things
like Linux Virtual Server work in some modes for example.
Now, all that being said, it would be a very good thing to be able to
identify which input source someting came from, so if you have multiple
imtcp entries, each listening on a specific IP address/port you can then
filter on which listener received the message. Since you may be listening
on multiple ports/protocols on the same IP address, this will need to be a
string, not an IP address (TCP_0.0.0.0_514 vs UDP_0.0.0.0_514 vs
RELP_0.0.0.0_514 for example)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
