Thursday, March 2, 2017

Rsyslog to direct log messages to local syslog host on port 5000 using TCP


I have configured the filter below for rsyslog to direct a few SSH messages to TCP port 5000 on the local system, so that the service running on port 5000 will process the SSH messages further.

# '@@host:port' is rsyslog's legacy syntax for forwarding over TCP (omfwd)
if $fromhost-ip == '127.0.0.1' and ( ($msg contains 'SSH') and ($msg contains 'Test') ) then @@127.0.0.1:5000

Everything seems fine, but the messages are not redirected to port 5000, whereas if we direct the messages to a UDP port it works fine.

Below is the filter directing the messages to the UDP port.

# '@host:port' (single @) is rsyslog's legacy syntax for forwarding over UDP (omfwd)
if $fromhost-ip == '127.0.0.1' and ( ($msg contains 'SSH') and ($msg contains 'Test') ) then @127.0.0.1:5000

Could you please let me know why the TCP port does not work while the UDP port works?
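One thing a receiving service must get right with rsyslog's TCP forwarding (`@@`) that it never has to think about with UDP (`@`) is message framing: over UDP each datagram is one message, but over TCP rsyslog writes a continuous byte stream and delimits messages either with a trailing newline (the default for `@@`, RFC 6587 "non-transparent" framing) or with a leading byte count (`@@(o)host:port`, RFC 6587 "octet-counted" framing). A listener on port 5000 that reads the socket as unframed text, or closes the connection after the first read, will look exactly like "TCP does not work". The following is an added example, not code from the question or from rsyslog: a small TCP receiver for 127.0.0.1:5000-style traffic that buffers partial reads, splits both framings, and applies the same `SSH`/`Test` predicate as the filter above. The three syslog lines, the port selection and the function names are constructed for the demonstration; mixing both framings on one connection is done only to exercise the parser, rsyslog itself uses one framing per action.

```python
"""Receiver for rsyslog '@@' (TCP) forwarding with RFC 6587 framing.

Added example for this question; not the asker's service and not rsyslog code.
"""
import re
import socket
import threading
from typing import List, Tuple

# Octet-counted frame: "<decimal length> <message>". A real syslog message starts
# with "<PRI>", so this prefix cannot be confused with a newline-framed message.
OCTET_COUNT_RE = re.compile(rb"^(\d+) ")

# Constructed sample messages (not real log data).
MSG_SSH = b"<38>Mar  2 10:00:00 host sshd[1234]: SSH Test: accepted publickey for alice"
MSG_CRON = b"<78>Mar  2 10:00:01 host CRON[99]: (root) CMD (run-parts /etc/cron.hourly)"
MSG_SSH2 = b"<38>Mar  2 10:00:02 host sshd[1235]: SSH connection closed"

# Constructed stream: one octet-counted frame (as '@@(o)' would send) followed by
# two newline-terminated frames (as plain '@@' sends).
SAMPLE_STREAM = (
    str(len(MSG_SSH)).encode() + b" " + MSG_SSH
    + MSG_CRON + b"\n"
    + MSG_SSH2 + b"\n"
)


def parse_frames(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a TCP byte stream into complete messages.

    Returns (messages, leftover); leftover is an incomplete trailing frame that
    must be kept and prepended to the next recv() result.
    """
    msgs: List[bytes] = []
    while buf:
        m = OCTET_COUNT_RE.match(buf)
        if m:
            n = int(m.group(1))
            start = m.end()
            if len(buf) < start + n:
                break  # frame not fully received yet
            msgs.append(buf[start:start + n])
            buf = buf[start + n:]
            continue
        nl = buf.find(b"\n")
        if nl < 0:
            break  # no terminator yet; wait for more bytes
        msgs.append(buf[:nl])
        buf = buf[nl + 1:]
    return msgs, buf


def matches_question_filter(msg: bytes) -> bool:
    """The selector from the question: message text contains both 'SSH' and 'Test'."""
    return b"SSH" in msg and b"Test" in msg


def start_receiver(host: str = "127.0.0.1", port: int = 0):
    """Bind a listening socket and serve one connection on a background thread.

    Returns (bound_port, received_messages, thread). port=0 picks a free port so
    the demo does not collide with a real service on 5000.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    received: List[bytes] = []

    def worker() -> None:
        with srv:
            conn, _ = srv.accept()
            with conn:
                buf = b""
                # Keep the connection open: rsyslog sends many messages per session.
                while True:
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    buf += chunk
                    msgs, buf = parse_frames(buf)
                    received.extend(msgs)

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    return bound_port, received, t


def run_demo() -> List[bytes]:
    """Send SAMPLE_STREAM in two chunks (splitting the first frame) and return what arrived."""
    port, received, t = start_receiver()
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.sendall(SAMPLE_STREAM[:40])
        client.sendall(SAMPLE_STREAM[40:])
    t.join(timeout=5)
    return received


if __name__ == "__main__":
    for m in run_demo():
        print(("FORWARDABLE " if matches_question_filter(m) else "other       ") + m.decode())
```

If the real service on port 5000 cannot be changed, the alternative on the rsyslog side is to pick the framing that service expects (`@@` for newline-terminated, `@@(o)` for octet-counted) and to check `rsyslogd -N1` plus the rsyslog action queue status, since a TCP action whose peer keeps closing the connection is suspended and retried rather than delivered.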

2 Answers

Answer 1

I think that you can use tunneling for this. For example

ssh username@serverAddress -L 5000:11.22.33.44:80
# username      - username on server
# serverAddress - server address
# 5000:         - port on the local machine that will be opened on the loopback interface (127.0.0.1)
# 11.22.33.44   - IP address of the server that we'll create a tunnel to using SSH

Look here for more info: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-tunneling-on-a-vps

I hope this helps!

Answer 2

Maybe you could use RELP? (https://en.wikipedia.org/wiki/Reliable_Event_Logging_Protocol)

As described at https://linux.die.net/man/5/rsyslog.conf, you need to replace your "then @127.0.0.1:5000" with "then :omrelp:127.0.0.1:5000".
