On Thu, 15 Mar 2012, Rainer Gerhards wrote:
-----Original Message-----
On Wed, 14 Mar 2012, Rainer Gerhards wrote:
Hi all,
I am going to make a change that permits to use a real IP address vs.
127.0.0.2. However, I am not exactly sure which is the best way to
proceed. I
have blogged about the topic:
http://blog.gerhards.net/2012/03/signifying-local-host-ip-in-
rsyslog.html
Feedback is highly appreciated and will be used to guide the final
decision.
I read the blog post, but I still don't understand what you are trying
to
accomplish with this.
There frequently isn't a single local address (even in IPv4, and IPv6
adds
link local addresses at the very least, and possibly many others). I
have
production rsyslog servers with 22 interfaces in them for example.
Add in failover, bonding, vlans, etc and things can get really messy.
In linux at least, you (the application) have no way of knowing what
interface a packet actually arrived at.
as proof of this, take two boxes, configure two interfaces on them (say
192.168.2.x and 192.168.3.x and then cross-connect the interfaces (wire
from 192.168.2.x on one box to 192.168.3.x on the other), you will find
that the two boxes can continue to communicate just fine (unless you
put
in firewall rules to prevent it.
In Linux the IP address belongs to a box, not to a particular
interface,
at least as far as receiving packets are concerned. This is how things
like Linux Virtual Server work in some modes for example.
Well, the root use case is the ability to identify the box via "its" IP
address. Where "its" probably boils down to "one consistent" IP address. So
far, we always say "127.0.0.1", which is a token for "localhost". But that
doesn't work well when pushing these messages to other machines (and still
using the original IP address as it was reported in fromhost-IP). I think
this is the actual use case why I got the request and I also think this is
valid. In highly dynamic environments that whole idea does definitely not
work out, but in a datacenter setting it probably does (at least for a larger
number of setups).
This will work in some setups, but as soon as you introduce IPv6 it breaks
as you will have at least two IPv6 addresses (in addition to any possible
IPv4 address).
I think that I better approach would be to create a parser module that
checks if the system name is '127.0.0.1' and if so replace it with the
fromhost-ip on the receiving system
personally, I would expect to see the hostname be set by the sender in
that sort of situation, not 127.0.0.1
If you really need to set the source IP in the message, the only component
that can do that is the sending output module, and it only because it can
check the source IP of the connection. I guess this could work since the
output module is what calls the property replacer to format the output.
You could add an additional property that is trasient and defined
per-connection to be filled in by the output module at the time the
message is sent.
With dynamic routing (pretty close to mandatory for IPv6), your source IP
could even change between messages if the routes change and your
connection gets reestablished.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
