rsyslog forwarding to different port - rsyslog

I am receiving syslog logs over port 513 that I am trying to forward to port 514 (where I have a service listening for them). So far, all my attempts have been unsuccessful.
I've tried making a file in /etc/rsyslog.d/ with
:fromhost-ip, isequal, "10.20.0.1" #127.0.0.1:514
I've tried adding a ruleset to the /etc/rsyslog.conf file:
ruleset (name="to514"){
action(type="omfwd" Target="127.0.0.1" Port="514" Protocol="udp")
}
input(type="imudp" port"513" ruleset="to513")
What is the right way to go about this?

Related

In rsyslog on ubuntu, how to configure udp and tcp tls

So I have rsyslog on an Ubuntu machine receiving log messages from another machine. The machine is sending tls on port 6514. I have another machine sending to this rsyslog server udp messages on port 514. Only the tls messages are getting to my /var/log/syslog file. The udp messages do not even though I do see the messages when I do a
sudo tcpdump port 514 -v
The related parts of my /etc/rsyslog.conf file are below
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/xxx.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/yyy.pem
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerStreamDriveAuthMode anon
$ActionSendStreamDriverAuthMode anon
$InputTCPServerStreamDriverMode 1
$InputTCPServerRun 6514
What can I be missing that the udp messages are not getting to the syslog folder?
Any help will be greatly appreciated.

Laradock + PhpStorm + Xdebug Fails whereas PhpStorm Validation Succeeds

I've setup debug configuration for PhpStorm and it is successfully validated by PhpStorm:
Xdebug helper for Chrome is also installed.
The problem is that nothing happens when I start listening for debug connections and reload the required page with Xdebug helper switched on. Also tried this bookmarklets with no luck.
No errors or something, just nothing.
Also tried to set different IPs as dockerhost: from 192.168.. range (from network settings), from 172.* range (from nginx), from 10.* range (10.0.75.1 is default). Also tried docker.for.mac.internal.host which failed when containers were starting.
Docker 17.02, macOS Sierra, PhpStorm 2017.3
If you're on linux, be sure to create corresponding rules in your firewall.
But to troubleshoot this more effectively you need to gather more info.
Enable xdebug logging xdebug.remote_log=/var/www/xdebug.log in you
xdebug.ini or you can append that in the "Cli Interpreters > Configuration Options" in PHPStorm (xdebug.remote_log, /path/inside/workspace/container/xdebug.log)
Another step you could take is to monitor the incoming connections to your machine. (run this on where you installed docker). It will start listening to all incoming connection attempts on port 9000.
sudo tcpdump -i any port 9000
Now run the debugger once, check the logs inside the container (workspace by default) and see if any incoming connection attempts have gone through from the container.
If you see something like Time-out connecting to client (Waited: 200 ms). :-(, chances are that your firewall is blocking the incoming connections.
To open them up you could add a rule using ufw
sudo ufw allow in from 172.22.0.0/24 to any port 9000 (or write down a specific ip) Be sure to double check that this is the ip trying to connect
this will allow all connections on port 9000 from 172.22.0.* (which is what laradock uses for its virtual networks). Be sure to double check the logs maybe your setup uses different ip range)
My working xdebug.ini (both in php-fpm and workspace containers are the same)
xdebug.remote_host=dockerhost
xdebug.remote_connect_back=0
xdebug.remote_port=9000
xdebug.idekey=PHPSTORM
xdebug.remote_autostart=1
xdebug.remote_enable=1
xdebug.remote_log=/var/www/xdebug.log
xdebug.cli_color=1
xdebug.profiler_enable=0
xdebug.profiler_output_dir="~/path/to/profiler.log"
xdebug.remote_handler=dbgp
xdebug.remote_mode=req
xdebug.var_display_max_children=-1
xdebug.var_display_max_data=-1
xdebug.var_display_max_depth=-1
If none of the above works, another step would be to also check if you have any containers running on port 9000 already. If so, then you'll need to use another, port, just don't forget to expose it from docker.
(Explanation: docker binds (exposes) ports to the host machine so that any incoming connections get directed to the right container, if 9000 is taken, xdebug won't be able to connect to any IDE on your machine, even if the IDE says it is running the listener)
Hope this helps.

Does fluentd depend on rsyslog?

Still wrapping my head around logging technology. I'm following the fluentd to graylog2 recipe but I don't understand this step:
Open /etc/rsyslog.conf and add the following line to the beginning of the file: *.* #127.0.0.1:5140 Then, restart rsyslogd by running sudo /etc/init.d/rsyslog restart.
What's supposed to listen on 127.0.0.1:5140? Is rsyslog a fluentd dependency?
According to Parse Syslog Messages Robustly:
The problem with syslog is that services have a wide range of log
format, and no single parser can parse all syslog messages
effectively.
Rsyslog seems the recommended way to forward logs to fluentd.
Fluentd listens on the port 5140 if you enable the Rsyslog input. Changing the line in
/etc/rsyslogd.conf
forwards the traffic from Rsyslog to Fluentd.
However, if you don't want to turn on Rsyslog you can just send the traffic straight to port 5140.

How to redirect localhost to 127.0.0.1:8080?

When I check using Apache > Service > Test Port 80, then it shows
Your port 80 is actually used by :
Server: Microsoft-HTTPAPI/2.0
How can I disable this. Tried every possible way, even via registry, and stopping World Wide Web Publishing.
I don't think that's possible. When you type "localhost" into the browser, it resolves that to "127.0.0.1", and fills in the default port of 80. If nothing is listening there, it won't connect. It can't resolve "localhost" to "127.0.0.1:8080". If you can't use port 80, you have to specify the port you want. Use a bookmark if it makes it easier for you.
This is basically redirecting 127.0.0.1:80 to 127.0.0.1:8080
Win7 has no iptables equivalent. Writing a server that does what you want (listens on a port, copies everything to/from another) should be easy enough. You can find one at this URL: http://www.quantumg.net/portforward.php
$> netsh
$> interface portproxy
$> add v4tov4 listenport=xxx connectaddress=127.0.0.1 connectport=yyy protocol=tcp
[or]
port forwarding in windows
Suggestion: If your Apache is under your WIn10
Under Win Settings:
- Proxy - Manual proxy setup - Use a proxy server - Turn On
- Type under Manual proxy server http=127.0.0.1:8080;https=127.0.0.1:8080
- Press the Save button
and tell me if it is working.

Using port number in Windows host file

After installing TeamViewer, I have changed the wampserver port to 8080, so the address is http://localhost:8080.
For the host file located at C:\WINDOWS\system32\drivers\etc\, I have also made the change as below
BEFORE
127.0.0.1 www.example.com
AFTER
127.0.0.1:8080 www.example.com
When I access www.example.com, it doesn't redirect to my wampserver, how can I fix it?
I managed to achieve this by using Windows included Networking tool netsh.
As Mat points out : The hosts file is for host name resolution only, so a combination of the two did the trick for me.
Example
Overview
example.app:80
| <--Link by Hosts File
+--> 127.65.43.21:80
| <--Link by netsh Utility
+--> localhost:8081
Actions
Started my server on localhost:8081
Added my "local DNS" in the hosts file as a new line
127.65.43.21 example.app
Any free address in the network 127.0.0.0/8 (127.x.x.x) can be used.
Note: I am assuming 127.65.43.21:80 is not occupied by another service.
You can check with netstat -a -n -p TCP | grep "LISTENING"
added the following network configuration with netsh command utility
netsh interface portproxy add v4tov4 listenport=80 listenaddress=127.65.43.21 connectport=8081 connectaddress=127.0.0.1
I can now access the server at http://example.app
Notes:
- These commands/file modifications need to be executed with Admin rights
- netsh portproxy needs ipv6 libraries even only to use v4tov4, typically they will also be included by default, otherwise install them using the following command: netsh interface ipv6 install
You can see the entry you have added with the command:
netsh interface portproxy show v4tov4
You can remove the entry with the following command:
netsh interface portproxy delete v4tov4 listenport=80 listenaddress=127.65.43.21
Links to Resources:
Using Netsh
Netsh commands for Interface IP
Netsh commands for Interface Portproxy
Windows Port Forwarding Example
The hosts file is for host name resolution only (on Windows as well as on Unix-like systems). You cannot put port numbers in there, and there is no way to do what you want with generic OS-level configuration - the browser is what selects the port to choose.
So use bookmarks or something like that.
(Some firewall/routing software might allow outbound port redirection, but that doesn't really sound like an appealing option for this.)
What you want can be achieved by modifying the hosts file through Fiddler 2 application.
Follow these steps:
Install Fiddler2
Navigate to Fiddler2 menu:- Tools > HOSTS.. (Click to select)
Add a line like this:-
localhost:8080 www.mydomainname.com
Save the file & then checkout www.mydomainname.com in browser.
Fiddler2 -> Rules -> Custom Rules
then find function OnBeforeRequest on put in the next script at the end:
if (oSession.HostnameIs("mysite.com")){
oSession.host="localhost:39901";
oSession.hostname="mysite.com";
}
The simplest way is using Ergo as your reverse proxy:
https://github.com/cristianoliveira/ergo
You set your services and its IP:PORT and ergo routes it for you :).
You can achieve the same using nginx or apache but you will need to configure them.
This doesn't give the requested result exactly, however, for what I was doing, I was not fussed with adding the port into the URL within a browser.
I added the domain name to the hosts file
127.0.0.1 example.com
Ran my HTTP server from the domain name on port 8080
php -S example.com:8080
Then accessed the website through port 8080
http://example.com:8080
Just wanted to share in case anyone else is in a similar situation.
If what is happening is that you have another server running on localhost and you want to give this new server a different local hostname like
http://teamviewer/
I think that what you are actually looking for is Virtual Hosts functionality. I use Apache so I do not know how other web daemons support this. Maybe it is called Alias. Here is the Apache documentation:
Apache Virtual Hosts examples
-You can use any free address in the network 127.0.0.0/8 , in my case needed this for python flask and this is what I have done :
add this line in the hosts file (you can find it is windows under : C:\Windows\System32\drivers\etc ) :
127.0.0.5 flask.dev
Make sure the port is the default port "80" in my case this is what in the python flask: app.run("127.0.0.5","80")
now run your code and browse flask.dev
Using netsh with connectaddress=127.0.0.1 did not work for me.
Despite looking everywhere on the internet I could not find the solution which solved this for me, which was to use connectaddress=127.x.x.x (i.e. any 127. ipv4 address, just not 127.0.0.1) as this appears to link back to localhost just the same but without the restriction, so that the loopback works in netsh.
You need NGNIX or Apache HTTP server as a proxy server for forwarding http requests to appropriate application -> which listens particular port (or do it with CNAME which provides Hosting company). It is most powerful solution and this is just a really easy way to keep adding new subdomains, or to add new domains automatically when DNS records are pointed at the server.
Apache era call it Virtual host ->
httpd.apache.org/docs/trunk/vhosts/examples.html
NGINX -> Server Block
https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/
Alternate way
Install Redirector
Click Edit redirects -> Create New Redirect

Resources