1
response

Hello All,

 

I am using nxlog-ce-2.9.1716 client to collect logs from my device and then forward it to logstash. I want to make sure nxlog client accept syslogs from particular source instead any. However when using specific IP in im_udp module, I am getting error as below:

 

"2017-03-07 16:04:51 ERROR failed to start im_udp; couldn't bind udp socket to 172.20.20.20:514; The requested address is not valid in its context. " 

 

my input driver is configured as below:

 

<Input in>
    Module    im_udp
    Host    172.20.20.20
    Port    514
</Input>

 

I tried by changing host as below as well:

 

Host 172.20.20.20/32 - No luck

Host 172.20.20.20/255.255.255.0 - No luck

Host 172.20.20.20/255.255.255.255 - No luck

Host 172.20.20.20 255.255.255.255 - no luck

Host 172.20.20.20 255.255.255.0 - No luck

 

However if I make Host 0.0.0.0 - it works , but this is not what I am looking for. 

 

Please help if I am missing anything. 

 

 

 

Regards,

Gaurang 

AskedMarch 7, 2017 - 12:02pm

Answer (1)

Hello GaurangMaru,

The Host directive in the Input section refers which address to "bind". Examples could be "0.0.0.0" or "127.0.0.1", etc. There are two ways to achieve what you want to do:

  1. Use an exec clause like: Exec if $MessageSourceAddress != "1.2.3.4" drop();
  2. Or use a firewall to block incoming connections from a specific IP address

Regards,

Panagiotis

NXLog Team.