I have a setup where logs from a syslog-ng client is sent to a rsyslog server. I want send logs via TCP.
Following is the configuration of my syslog-ng client.
destination d_remoteUdp { network("192.168.104.48" transport("udp") port(514));};
destination d_net { tcp("192.168.104.48" port(601) log_fifo_size(1000)); };
log {source(s_src); destination(d_remoteUdp); };
log {source(s_src); destination(d_net); };
where 192.168.104.48 is the ip of the server.
How to configure rsyslog to receive these logs?
Add to your rsyslog.conf:
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="601")
Related
We have our GRPC services behind a gateway server, when I connect using BloomRPC I specify the hostname(without port) and enable TLS(Server Certificate option).
In K6 when I try to create a connection,
client.connect('<hostname>', {
});
I am getting an error saying the port number is mandatory, So I tried giving the port as 443 but our proxy is not able to identify the requests because of which getting a response with status 12(UNIMPLEMENTED)
How can I fix this issue?
Having a grpc client and server and they are exchanging messages in grpc unary mode. I want to log all the messages the client sends to the server without changing a single line of code in both client or server. I came across to Nginx with its new graceful grpc support. Is it possible to route grpc messages from client to server via Nginx while sending a copy of them to a remote logging service? If No, please let me know if there are any other tools out there that do the same stuff.
i have my first question after years.
i configured a remote syslog to send events to my syslogs event.
now i want to resend this events to a siem via syslog but i can't.
I see some events in var/log/messages the are not sending to the siem
### end of the forwarding rule
I am working on a network proxy project and a newbie to this field. I want to create a tun-tap interface and send an HTTP request through this interface. Here is my approach.
use tun_tap::Iface;
use tun_tap::Mode;
use std::process:Command;
fn cmd(cmd: &str, args: &[&str]) {
let ecode = Command::new(cmd)
.args(args)
.spawn()
.unwrap()
.wait()
.unwrap();
assert!(ecode.success(), "Failed to execte {}", cmd);
}
fn main() {
let iface = Iface::new("tun1",Mode::Tun).unwrap();
cmd("ip", &["addr", "add", "dev", 'tun1', '192.168.0.54/24']);
cmd("ip", &["link", "set", "up", "dev", 'tun1']);
// 192.168.0.53:8000 is my development server created by python3 -m http.server command
let sent = iface.send(b"GET http://192.168.0.53:8000/foo?bar=898 HTTP/1.1").unwrap();
}
But my development server is not receiving any request. And not displaying any error.
A TUN interface sends and receives IP packets. This means that the data you give to iface.send must be an IP packet in order to be delivered. You can see in your code you're not indicating what server you are connecting to because at this layer connections "don't even exist". The IP in the HTTP request happens to be there because HTTP protocol says so, but you must already be connected to the server when you send this information.
In order to send and receive data from a tun interface you'll have to build an IP packet.
Once you can send and receive IP packets, you'll have to implement the TCP protocol on top of that to be able to open a connection to an HTTP server. On this layer (TCP) is where the concept of "connection" appears.
Once you can open and send/receive data over a TCP connection, you'll have to implement the HTTP protocol to be able to talk to the HTTP server, i.e. "GET http://192.168.0.53:8000/foo?bar=898 HTTP/1.1".
This is the question about HTTP CONNECT method.
I learned that after CONNECT request from client a TCP connection is established between proxy and remote server.
Then, at the step of SSL handshake, does the proxy evaluate and relay any http data from client up to at TCP level? So the data is not passed to application level of the proxy?
I understood that after SSL session establishment any data from client is encrypted and the proxy cannot read those. But how about the time before SSL session establishment, that is, SSL handshake step?
After the proxy has sent a successful response to the clients CONNECT request a normal proxy will forward all data between client and server without any changes. This includes the TLS handshake for HTTPS connections tunneled using CONNECT.
Note that there are proxies which do SSL interception (typically at firewalls). In this case the data are not blindly forwarded but the proxy will be an active man in the middle which means that the client does not receive the original certificate from the server and that the proxy will decrypt and maybe even modify the traffic between client and server.