Page 1 of 1
Log server and IPv6
Posted: Tue Dec 27, 2016 6:35 pm
by gormank
Hi,
I see that nxlog doesn't support IPv6. Are you aware of any Windows log senders that do?
What other IPv6 issues are known? Just about everything in our network is supposed to be on IPv6, but a few hosts will be IPv4.
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 10:14 am
by mcapra
syslog-ng and rsyslog should both support ipv6 in some form or another. I don't think anything special needs to be done with the rsyslog configurations, but syslog-ng has the tcp6() and udp6() destination modules specifically for that purpose. If you know a specific machine *should only* be using ipv6,
you can force rsyslog into using ipv6 exclusively as a safety measure.
We haven't done extensive testing in big ipv6 environments, and i've only ever seen one setup in production where the bulk of their communications were on ipv6, but I was able to send logs over ipv6 with rsyslog and syslog-ng from both a Linux box and a Windows box without too many issues. Both rsyslog and syslog-ng can be a bit touch-and-go when setting them up in a Windows environment though.
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 1:23 pm
by gormank
Yes, I've read about mixing v4 and v6 and problems, that makes sense.
I'm not sure what big is, but this is ~125-150 hosts.
So you used the Windows rsyslog from Adiscon for the windows rsyslog agent? If not which product?
Keep in mind, I require support, so a pure open source solution is a problem...
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 1:43 pm
by mcapra
gormank wrote:So you used the Windows rsyslog from Adiscon for the windows rsyslog agent?
Correct, but it's worth mentioning this agent is not strictly "free" though i'm not sure what limitations exist for the trial version. You'd have to do a bit of research into that.
On the plus side, setting it up was vastly easier than setting up syslog-ng and NLog.
I didn't have to anything more sophisticated than use the NLS machine's ipv6 address like so:
2016_12_28_12_37_51_192.168.67.99_Remote_Desktop_Connection.png
Which lead to the following result for my eventlog entries (i'm not applying any sort of proper filtering here):
2016_12_28_12_39_13_Dashboard_Nagios_Log_Server.png
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 3:13 pm
by gormank
Actually, I'm looking for a not free product so I at least in theory get support to satisfy a management requirement...
This looks great.
Thanks!
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 5:52 pm
by mcapra
Sure thing! Any other questions regarding agents or ipv6 related items?
Re: Log server and IPv6
Posted: Wed Dec 28, 2016 5:56 pm
by gormank
No, you can close.
Thanks!