.\" Man page generated from reStructuredText. . .TH LOGFORWARDER 1 "2011-05-11" "0.1" "" .SH NAME logForwarder \- Log item to manage ssh tunnels between log components and tools . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .SH NAME .sp logForwarder \- Tools for creating and maintaining ssh tunnels between log components in complex topologies .SH SYNOPSYS .INDENT 0.0 .INDENT 3.5 logForwarder [options] ... .UNINDENT .UNINDENT .SH DESCRIPTION .sp logForwarder helps simplifying the maintenance of ssh tunnels between log components and tools, thus improving log scalability and configuration in complex network topologies. The components may be defined in a program to be monitored, they publish messages in the LogCentral. The tools get the messages subscribing to the LogCentral. .sp Before starting a log forwarder, you must: .INDENT 0.0 .IP \(bu 2 launch omniNames on the local and remotes hosts. .IP \(bu 2 launch the remote peer only defining its name and network configuration. .IP \(bu 2 launch local peer and give him remote peer\(aqs name, ssh connection informations, remote port to use and pass \-C option to create the ssh tunnel. .UNINDENT .sp [Remark: forwarders must be launched before the log tools/components] .SH OPTIONS .INDENT 0.0 .TP .B \fB\-\-name\fP [name] String identifying the forwarder .TP .B \fB\-\-peer\-name\fP [name] String identifying its peer on the other network .TP .B \fB\-\-ssh\-host\fP [host] Host hosting the ssh tunnel .TP .B \fB\-\-ssh\-login\fP [login] Login used to establish the ssh connection (default: current user login). .TP .B \fB\-\-ssh\-key\fP [/path/to/ssh/key] Path to the ssh key (the private one !) used to establish the ssh connection (default: $HOME/.ssh/id_rsa). .TP .B \fB\-\-remote\-port\fP [port] Port listening on the ssh host. .TP .B \fB\-\-remote\-host\fP [host] Host to which the connection is made by the tunnel (corresponds to ssh options \-L and \-R). .TP .B \fB\-\-nb\-retry\fP [nb] Number of times that the local forwarder will try to bind itself to the remote forwarder (default: 3). .TP .B \fB\-\-peer\-ior\fP [IOR] Pass remote forwarder\(aqs IOR. By default, the local forwarder will retrive its peer IOR. .TP .B \fB\-\-net\-config\fP [path/to/configuration/file] Path to configuration file. .TP .B \fB\-C\fP Create the tunnel from this forwarder. .UNINDENT .SH CONFIGURATION FILE .sp You can pass a configuration file to dietForwarder instead of using command line options through the \-\-net\-config option. Configuration file lists several rules describing networks reachable using this forwarder. .sp There\(aqs two category of rules: .INDENT 0.0 .TP .B \fBaccept rules\fP describe which networks are accessible through the forwarder. .TP .B \fBreject rules\fP describe which networks are not accessible through the forwarder. .UNINDENT .sp A rule always starts by either \fBaccept:\fP or \fBreject:\fP immediately followed by a regular expression (Posix) describing host concerned by the rule. Rules are evaluated in the following order: \fBaccept\fP then \fBreject\fP\&. For instance: .INDENT 0.0 .INDENT 3.5 accept:.* reject:localhost .UNINDENT .UNINDENT .sp This fragment means that the forwarder will accept connections to every hosts but localhost. .SH EXAMPLE .sp Here\(aqs a simple configuration: .INDENT 0.0 .IP \(bu 2 We have two domains: \fInet1\fP and \fInet2\fP, forwarders will be launched on hosts \fIfwd.net1\fP and \fIfwd.net2\fP\&. .IP \(bu 2 There\(aqs no link between hosts \fIfwd.net1\fP and \fIfwd.net2\fP but user may access \fIfwd.net2\fP from \fIfwd.net1\fP using a ssh connection. .IP \(bu 2 We\(aqll name \fIfwd.net1\fP forwarder Fwd1 and \fIfwd.net2\fP fowarder Fwd2. .IP \(bu 2 One tool lives in \fIfwd.net2\fP while a component lives on the \fInet1\fP domain. .UNINDENT .sp \fBCommand line for launchind Fwd1\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C fwd.net1$ logForwarder \-\-name Fwd1 \-\-peer\-name Fwd2 \e \-\-ssh\-host fwd.net2 \-\-ssh\-login dietUser \e \-\-ssh\-key id rsa net2 \-\-remote\-port 50000 \e \-\-net\-config net1.cfg \-C .ft P .fi .UNINDENT .UNINDENT .sp \fBCommand line to launch Fwd2\fP .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C fwd.net2$ logForwarder \-\-name Fwd2 \-\-net\-config net2.cfg .ft P .fi .UNINDENT .UNINDENT .sp \fBConfiguration file for Fwd1\fP .sp In this example, the forwarders Fwd1 accepts only the connections to fwd.net2. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C accept:fwd.net2 .ft P .fi .UNINDENT .UNINDENT .sp \fBConfiguration file for Fwd2\fP .sp In this example, the forwarders Fwd2 accepts all the connections except those which are for the localhost. .INDENT 0.0 .INDENT 3.5 .sp .nf .ft C accept:.* reject:localhost .ft P .fi .UNINDENT .UNINDENT .SH RATIONALE .sp The log service uses CORBA as its communication layer. While it\(aqs a flexible and robust middleware, it remains hard deploying the log on heterogeneous networks that are not reachable except through ssh tunnels. Log forwarders help administrator configuring their grid without manually set\-up ssh tunnels which arguably is neither simple nor scalable. Log forwarders make it very easy configuring such topologies. .SH LICENSE AND COPYRIGHT .SS Copyright .sp (C)2011, GRAAL, INRIA Rhone\-Alpes, 46 allee d\(aqItalie, 69364 Lyon cedex 07, France all right reserved <\fI\%diet\-dev@ens\-lyon.fr\fP> .SS License .sp This program is free software: you can redistribute it and/or mod‐ ify it under the terms of the GNU General Public License as pub‐ lished by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Pub\- lic Li‐ cense for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <\fI\%http://www.gnu.org/licenses/\fP>. .SH AUTHORS .sp GRAAL INRIA Rhone\-Alpes 46 allee d\(aqItalie 69364 Lyon cedex 07, FRANCE Email: <\fI\%diet\-dev@ens\-lyon.fr\fP> WWW: \fI\%http://graal.ens\-lyon.fr/DIET\fP .SH SEE ALSO .sp omniNames(1), dietForwarder(1), LogCentral(1) .SH BUGS .sp On some systems, forwarder rules won\(aqt work unless you use IP addresses instead of hostnames .SH AUTHOR haikel.guemar@sysfera.com, kevin.coulomb@sysfera.com License: GPLv3 .SH COPYRIGHT DIET developers .\" Generated by docutils manpage writer. .