Back to your phpLogCon instanceManual says that two instances of service can use one port. I want all messages to be logged to database and some sent by e-mail. But when I configure two services so that to have two rule sets I have the following problem:
StartupServices is processing service "Default Syslog Listener".
Create CInfoSourceSyslog Object
RegKey: SOFTWARE\Adiscon\WinSyslog\Services\IS1
CInfoSourceSyslog: Loading config!
Port: 514
New InfoSource started!
InfoSource 0x00915308 running.
StartupServices is processing service "Syslog Server 2".
Create CInfoSourceSyslog Object
RegKey: SOFTWARE\Adiscon\WinSyslog\Services\IS2
CInfoSourceSyslog: Loading config!
Port: 514
New InfoSource started!
InfoSource 0x00915580 running.
Error Message set: 'Can't bind to socket - please make sure no other service is listening on the same port/protocol.'
####@@@@@@#### expected handler!
Can't bind to socket - please make sure no other service is listening on the same port/protocol.
InfoSource 0x00915308 has ended.
Waking up worker thread.
CQueManList::WorkerThread() woke up.
CRuleList::ApplyRules() Check Filter Condition: Begin
Check Filter Condition: Conditions all OK, Filter fires!
CActionListEntry::CallAction, ID 1002
CWinSock::CWinSock(int af, int type, int protocol)
Target 10.207.32.21 - 1520cf0a set
Get Server: 10.207.32.21
CActionSendEmail: Send HELO
CActionSendEmail: Send MAIL FROM
CActionSendEmail: Send RCPT TO
CActionSendEmail: Send Date
CActionSendEmail: Send From:
+++generateSMTPSubject
CActionSendEmail: Send Subject:
CActionSendEmail: Send RCPT:
CActionListEntry::CallAction, ID 1003
matching.
DELETEFIRSTENTRY: 00000000 - pTail
CActionSendEmail: Send Message
CQueManList::WorkerThread() woke up.
CQueManList::WorkerThread() woke up.
in stop loop, service id 0, pointer 0x009152c0.
in stop loop, service id 1, pointer 0x009152c4.
Waking up worker thread.
CQueManList::WorkerThread() woke up.
QueMan: Stop Message - Terminating...
DELETEFIRSTENTRY: 00000000 - pTail
Cancel thread 0x00914e60...
Cancel thread 0x00914e64...
Worker Thread FINISHED!
MonitorWare Knowledge Base
Your first source for knowledge
two services
Moderator: alorbach
7 posts • Page 1 of 1
by alorbach on Wed Mar 12, 2003 11:26 am
Hi,
please tell me the position of the manual that says two Syslog Services can use the same port
I am bit confused
.
However, it is not possible - from the technical point of view.
Only one Service can use one port. If you want to use another Syslog Server, you have to specifiy a different port.
But from the things you want to do, you don't need two Syslog Services.
You can do this with one RuleSet and two Rules for example. Give the first rule a database action, and the second rule an email action. In the second Rule, enable the filter conditions as you need them (As you wrote, you only need some messages by email).
please tell me the position of the manual that says two Syslog Services can use the same port
I am bit confused
.
However, it is not possible - from the technical point of view.
Only one Service can use one port. If you want to use another Syslog Server, you have to specifiy a different port.
But from the things you want to do, you don't need two Syslog Services.
You can do this with one RuleSet and two Rules for example. Give the first rule a database action, and the second rule an email action. In the second Rule, enable the filter conditions as you need them (As you wrote, you only need some messages by email).
-
alorbach - Site Admin
- Posts: 855
- Joined: Thu Feb 13, 2003 11:55 am
by slava on Wed Mar 12, 2003 12:00 pm
Services
Services inside the WinSyslog Service gather the data that is processed by rules. Each service type reflects a specific set of code inside the WinSyslog Service. For example, a syslog services represents an instance of a syslog server
Typically, there can be multiple instances of the same service running, as long as their configuration parameters do not conflict. There can be multiple syslog servers on a given system as long as they listen to different ports. Consequently, there can be multiple instances of the syslog service be created. For example, there could be three of them: 2 listen to the default port of 514, but one with TCP and one with UDP and a third one listens to UDP, port 10514. All three coexist and run at the same time.
Services inside the WinSyslog Service gather the data that is processed by rules. Each service type reflects a specific set of code inside the WinSyslog Service. For example, a syslog services represents an instance of a syslog server
Typically, there can be multiple instances of the same service running, as long as their configuration parameters do not conflict. There can be multiple syslog servers on a given system as long as they listen to different ports. Consequently, there can be multiple instances of the syslog service be created. For example, there could be three of them: 2 listen to the default port of 514, but one with TCP and one with UDP and a third one listens to UDP, port 10514. All three coexist and run at the same time.
- slava
by alorbach on Wed Mar 12, 2003 12:28 pm
One Service runs on Port 514 TCP and the other Service runs on Port 514 UDP. That is AFAIK possible, because this are different protocols.
But two Syslog Services on Port 514 UDP or two Services Port 514 TCP are not possible. FYI, this is not any limitation that comes from WinSyslog, it is just the way TCP/IP works.
But two Syslog Services on Port 514 UDP or two Services Port 514 TCP are not possible. FYI, this is not any limitation that comes from WinSyslog, it is just the way TCP/IP works
.-
alorbach - Site Admin
- Posts: 855
- Joined: Thu Feb 13, 2003 11:55 am
by rgerhards on Wed Mar 12, 2003 12:51 pm
Actually, the text in the manual can be misleading. Sorry for that. The intention of that paragraph was to say that multiple services can run, but only a single one can listen to the same port of the same protcol (UDP and TCP being the protocols). This is often used if you have "normal" syslog devices reporting via 514/UDP and some others (e.g. EventReporter clients) via 514/TCP.
As Andre pointed out, there is fortunately no need to run two services in your scenario. A single service will do. That single service must be bound to a rule set with at least a two rules. The first rule will have no filter and do the database logging as its action. The second rule will have a filter, allowing only those messages through that you are interested in receiving emails on. That rule will have the email action.
I hope this clarifies.
Rainer Gerhards
Adiscon
As Andre pointed out, there is fortunately no need to run two services in your scenario. A single service will do. That single service must be bound to a rule set with at least a two rules. The first rule will have no filter and do the database logging as its action. The second rule will have a filter, allowing only those messages through that you are interested in receiving emails on. That rule will have the email action.
I hope this clarifies.
Rainer Gerhards
Adiscon
-
rgerhards - Site Admin
- Posts: 1282
- Joined: Thu Feb 13, 2003 11:57 am
by slava on Wed Mar 12, 2003 4:15 pm
thank you. It just was unclear for me your RuleSet, Rull, Service concept..maybe a little bit too complex.
May be it would be good if this program said something not just in debuging text file when two services are configured on the same port..
Anyway thank you. At least my boss likes it:)
May be it would be good if this program said something not just in debuging text file when two services are configured on the same port..
Anyway thank you. At least my boss likes it:)
- slava
by rgerhards on Wed Mar 12, 2003 6:16 pm
Thanks for the good suggestion. Sometimes the obvious things are overlooked . I will file a work item to make the configuration client check this. I hope we'll have it in the next version.
Rainer Gerhards
Adiscon
. I will file a work item to make the configuration client check this. I hope we'll have it in the next version.
Rainer Gerhards
Adiscon
-
rgerhards - Site Admin
- Posts: 1282
- Joined: Thu Feb 13, 2003 11:57 am
Google Ads
7 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
