Posted to user@flume.apache.org by Erik Steffl <er...@zasran.com> on 2013/05/11 00:14:46 UTC

syslogTcp - is it possible to figure out senders IP (if not in message)?

   is it possible to get the IP of the host that is sending syslog message?

   Trying to solve the problem of bad sender syslog config (that is 
missing hostname), would like to be able to somehow identify where 
the broken messages are coming from.

   When I looked at syslogTcp 
http://grepcode.com/file/repository.cloudera.com/content/repositories/releases/org.apache.flume/flume-ng-core/1.3.0-cdh4.2.0/org/apache/flume/source/SyslogUtils.java#SyslogUtils.extractEvent%28org.apache.flume.source.ChannelBuffer%29 
I see that it tries to get hostname by parsing message. I would like to 
have a fallback in case message does not have the hostname.

   thanks!

     erik

Re: syslogTcp - is it possible to figure out senders IP (if not in message)?

Posted by Erik Steffl <er...@zasran.com>.
   That's for Flume agents, we are using rsyslog to send messages (so no 
Flume agents). However even if we used Flume agents I would still have 
the same question (for same reason, Flume agent can be misconfigured 
just like rsyslog can be misconfigured).

   Looking for something that would get the IP address of the host where 
the message is coming from in case we have bad rsyslog configuration and 
it does not send hostname (very unlikely but would like to have 
something cause if it happens it would be really hard to track the 
message origin afterwards)

   Since it's syslogTcp that is processing the incoming message I was 
hoping that it could get the sender's IP, but that does not seem 
possible. Is there any way to do this in Flume?

   thanks!

	erik

On 05/10/2013 10:27 PM, Alexander Alten-Lorenz wrote:
> Have you looked at Interceptors?
> http://flume.apache.org/FlumeUserGuide.html#host-interceptor
>
> => Host Interceptor
>
> Best,
>   Alex
>
>
> On May 11, 2013, at 12:14 AM, Erik Steffl <er...@zasran.com> wrote:
>
>>   is it possible to get the IP of the host that is sending syslog message?
>>
>>   Trying to solve the problem of bad sender syslog config (that is missing hostname), would like to be able to somehow identify where the broken messages are coming from.
>>
>>   When I looked at syslogTcp http://grepcode.com/file/repository.cloudera.com/content/repositories/releases/org.apache.flume/flume-ng-core/1.3.0-cdh4.2.0/org/apache/flume/source/SyslogUtils.java#SyslogUtils.extractEvent%28org.apache.flume.source.ChannelBuffer%29 I see that it tries to get hostname by parsing message. I would like to have a fallback in case message does not have the hostname.
>>
>>   thanks!
>>
>>     erik
>
> --
> Alexander Alten-Lorenz
> http://mapredit.blogspot.com
> German Hadoop LinkedIn Group: http://goo.gl/N8pCF
>


Re: syslogTcp - is it possible to figure out senders IP (if not in message)?

Posted by Alexander Alten-Lorenz <wg...@gmail.com>.
Have you looked at Interceptors?
http://flume.apache.org/FlumeUserGuide.html#host-interceptor

=> Host Interceptor 

Best,
 Alex


On May 11, 2013, at 12:14 AM, Erik Steffl <er...@zasran.com> wrote:

>  is it possible to get the IP of the host that is sending syslog message?
> 
>  Trying to solve the problem of bad sender syslog config (that is missing hostname), would like to be able to somehow identify where the broken messages are coming from.
> 
>  When I looked at syslogTcp http://grepcode.com/file/repository.cloudera.com/content/repositories/releases/org.apache.flume/flume-ng-core/1.3.0-cdh4.2.0/org/apache/flume/source/SyslogUtils.java#SyslogUtils.extractEvent%28org.apache.flume.source.ChannelBuffer%29 I see that it tries to get hostname by parsing message. I would like to have a fallback in case message does not have the hostname.
> 
>  thanks!
> 
>    erik

--
Alexander Alten-Lorenz
http://mapredit.blogspot.com
German Hadoop LinkedIn Group: http://goo.gl/N8pCF
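
The fallback asked about in this thread, as an added example (not Flume code and not written by any poster): a minimal Python TCP syslog receiver that takes the sender's address from the accepted socket and uses it as the host when the message carries no HOSTNAME. The header names `peer_ip`, `host` and `host_source`, the tag heuristic and the sample messages are assumptions constructed for this example.

```python
import re
import socket
import socketserver

# <PRI>Mmm dd hh:mm:ss, then the rest of the line (RFC 3164 layout).
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$")

# Constructed sample input: one well-formed message, one with HOSTNAME left out.
SAMPLE = (b"<13>May 11 00:14:46 web01 app: ok\n"
          b"<13>May 11 00:14:47 app[412]: hostname missing\n")

def to_event(line, peer_ip):
    """Parse one syslog line; peer_ip is the address of the TCP peer."""
    # Always record the peer address, and start with it as the host fallback.
    headers = {"peer_ip": peer_ip, "host": peer_ip, "host_source": "peer"}
    m = HEADER.match(line)
    if not m:
        return {"headers": headers, "body": line}  # unparseable, still attributable
    first, _, remainder = m.group(3).partition(" ")
    # Heuristic (assumption): a first token ending in ':' or carrying '[pid]'
    # is the TAG, which means the sender omitted HOSTNAME.
    if remainder and not first.endswith(":") and "[" not in first:
        headers.update(host=first, host_source="message")
        return {"headers": headers, "body": remainder}
    return {"headers": headers, "body": m.group(3)}

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        peer_ip = self.client_address[0]  # from accept(), not from the payload
        for raw in self.rfile:            # newline-framed syslog over TCP
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            self.server.events.append(to_event(line, peer_ip))

def demo():
    """Send SAMPLE over loopback and return the events the receiver built."""
    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    server.events = []
    with socket.create_connection(server.server_address) as s:
        s.sendall(SAMPLE)                 # waits in the listen backlog
    server.handle_request()               # accept and read that one connection
    server.server_close()
    return server.events

if __name__ == "__main__":
    for event in demo():
        print(event)
```

The peer address is that of the last TCP hop, so behind a syslog relay or NAT it identifies the relay rather than the originating host.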