Closed 9SMTM6 closed 8 months ago
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
The readme has the answer here.
ports:
- 514:5514/udp
- 601:6601/tcp
- 6514:6514/tcp
to avoid running the application as root, we use non-privileged ports inside the container, but instruct you to map these to the default syslog ports on the host.
The shipped default config is a very basic example providing listeners for TCP and UDP and logging to file, but it's not intended to be something that will suit every use case. Specifically we don't configure TLS listeners out of the box because that requires certificates and that's something that's going to be specific to a given target environment.
BTW, I wont open a separate issue for this, because I might have something else misconfigured and I dont have the time to check properly, but If you know why TCP wont work for me, I'd love to know. But while this works:
logger --udp -n localhost -P 514 test
And this doesn't give an error on the client:
logger --tcp -n localhost -P 601 test
The latter doesn't appear in the logfile, while the first does.
Ah, thank you for the fast reply, @thespad. That makes sense. I would perhaps add a quick PR to comment on this in the docker-compose or the readme? Because as someone not working with networking on a daily basis, and with it working for UDP, I probably would've been surprised at TLS not working.
@Roxedus Thank you, I've read that. I should've clarified that of course I was looking for the port that is the target (the inner port) in the docker port-mapping. Otherwise I would not have been able to see the TCP or UDP ports either.
BTW, I wont open a separate issue for this, because I might have something else misconfigured and I dont have the time to check properly, but If you know why TCP wont work for me, I'd love to know. But while this works:
logger --udp -n localhost -P 514 test
And this doesn't give an error on the client:
logger --tcp -n localhost -P 601 test
The latter doesn't appear in the logfile, while the first does.
Depending on what's sending the TCP syslog messages and the format it's using you may need to change syslog(transport(tcp) port(6601));
to network(transport(tcp) port(6601));
in the syslog-ng.conf
@thespad Indeed, this works, at least with logger! I'm not sure why it always works when using UDP, but when using TCP you got to change protocols, but the results are as such.
> logger --version
logger from util-linux 2.39.2
Anyways, thanks you. If you don't disagree, and I get to it, I might do a PR later today that adds some comments or similar to explain the TLS thing, and perhaps also this gotcha, to newcomers such as me?
The short answer is that syslog standards are a real mess.
Is there an existing issue for this?
Current Behavior
The ports provided in the docker compose are not mentioned in the default
config/syslog-ng.conf
. I dont think without it being configured, it will work.Expected Behavior
This port should be configured as source with the correct protocol, similar to how TCP and UDP are configured in there.
I've not got much of an idea of syslog-ng, so perhaps I'm wrong. I can't test this, because I can't get through messages even with basic unsecure TCP. Only UDP works for me.
Steps To Reproduce
look at the reference files. This of also CPU overarching.
Environment
CPU architecture
x86-64
Docker creation
Container logs