defining source port for log shipping frm proxy to webserver!!

[m6d4]

Hi there,

This should be pretty easy for you guys. I just could not get around how to do it myself. I have syslog-ng config from proxy server to ship all the logs to webserver ( both RH5.3 )

I have squid  logging to a pipe and then deliver the logs to squid dest server on port 514 as following ..

template t_squid {
 template("$MSG\n"); template_escape(no);
};

source s_squid {
pipe("/var/log/squid/vhostlog.pipe");
};

destination d_squid {
 tcp("dest_server_ip" port(514) log_fifo_size(2048));
 file("/var/log/squid/vhosts/vhosts.log" template(t_squid_entry));
};

With this configuration, I want the source port to configured to be lets say 5144 so that it connect to dest_server_ip on 514 but now its randomly connecting from >1023 port.

Thanks in adv
M

[Admin]

Try using localport(514) like this:

template t_squid {
 template("$MSG\n"); template_escape(no);
};

source s_squid {
pipe("/var/log/squid/vhostlog.pipe");
};

destination d_squid {
 tcp("dest_server_ip" port(514) localport(514); log_fifo_size(2048));
 file("/var/log/squid/vhosts/vhosts.log" template(t_squid_entry));
};

[m6d4]

Thanks for the reply.. I am testing this one .. just found that we prob. dont need semi colon after localport (514) coz it fails to restart.

Regards
=M