network() Source Driver
The network() source driver can receive syslog messages conforming to RFC-3164 from the network using the TCP and UDP networking protocols. It belongs in the afsocket module.
Status
| UDP | x86_64 | Works |
|---|---|---|
| UDP | ARM | Works |
| TCP | x86_64 | Works |
| TCP | ARM | Works |
Note
The network source driver also includes TCP source listening on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with syslog-ng OSE here.
How to Test
Configuration File Used
We can set up our syslog-ng OSE configuration, such that it is listening for TCP and UDP protocol messages on the specified ports.
@version: 3.31
@include "scl.conf"
options {
stats-freq(10);
};
source s_network_tcp {
network(port(1999) transport("tcp"));
};
source s_network_udp {
network(port(5060) transport("udp"));
};
destination console{
file(/dev/stdout);
};
log {
source(s_network_udp);
source(s_network_tcp);
destination(console);
};
Test Functionality and Proof
When we run syslog-ng OSE with this configuration file, we will begin a server that listens on the respective ports. We can also use netcat, a tool built into macOS, to connect to the recently opened port from the client-side and test it by sending messages.
Note: By default, using the network driver will cause syslog-ng OSE to listen on IPv4, which is why we have used the -4 flag with netcat to force IPv4. This can be skipped with TCP as it will try to connect on IPv6, determine this isn’t working, and retry with IPv4. But UDP being connectionless, cannot detect it should fall back to IPv4.
