> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of [email protected] > Sent: Wednesday, March 14, 2012 7:44 PM > To: rsyslog-users > Subject: Re: [rsyslog] which local IP address to use > > On Wed, 14 Mar 2012, Rainer Gerhards wrote: > > > Hi all, > > > > I am going to make a change that permits to use a real IP address vs. > > 127.0.0.2. However, I am not exactly sure which is the best way to > proceed. I > > have blogged about the topic: > > > > http://blog.gerhards.net/2012/03/signifying-local-host-ip-in- > rsyslog.html > > > > Feedback is highly appreciated and will be used to guide the final > decision. > > I read the blog post, but I still don't understand what you are trying > to > accomplish with this. > > There frequently isn't a single local address (even in IPv4, and IPv6 > adds > link local addresses at the very least, and possibly many others). I > have > production rsyslog servers with 22 interfaces in them for example. > > Add in failover, bonding, vlans, etc and things can get really messy. > > In linux at least, you (the application) have no way of knowing what > interface a packet actually arrived at. > > as proof of this, take two boxes, configure two interfaces on them (say > 192.168.2.x and 192.168.3.x and then cross-connect the interfaces (wire > from 192.168.2.x on one box to 192.168.3.x on the other), you will find > that the two boxes can continue to communicate just fine (unless you > put > in firewall rules to prevent it. > > In Linux the IP address belongs to a box, not to a particular > interface, > at least as far as receiving packets are concerned. This is how things > like Linux Virtual Server work in some modes for example.
Well, the root use case is the ability to identify the box via "its" IP address. Where "its" probably boils down to "one consistent" IP address. So far, we always say "127.0.0.1", which is a token for "localhost". But that doesn't work well when pushing these messages to other machines (and still using the original IP address as it was reported in fromhost-IP). I think this is the actual use case why I got the request and I also think this is valid. In highly dynamic environments that whole idea does definitely not work out, but in a datacenter setting it probably does (at least for a larger number of setups). > > > > Now, all that being said, it would be a very good thing to be able to > identify which input source someting came from, so if you have multiple > imtcp entries, each listening on a specific IP address/port you can > then > filter on which listener received the message. Since you may be > listening > on multiple ports/protocols on the same IP address, this will need to > be a > string, not an IP address (TCP_0.0.0.0_514 vs UDP_0.0.0.0_514 vs > RELP_0.0.0.0_514 for example) This can already done by naming the individual listeners properly, e.g. by $InputTCPServerInputName (I think in recent builds it is per-listner vs. per-module, but better double check ;)). Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
