On Wed, 2005-07-13 at 16:07 -0400, Al Tobey wrote:
I'm trying to use the netmask filter to create a separate logfile for all of our network devices (Cisco gear) logging to our central syslog-ng log sink. The interfaces doing the syslogging are all on specific subnets, so I'd like to filter on subnet rather than by hosts. Lo, and behold, syslog-ng has a netmask() filter. It doesn't appear to work, though, since none of the variations I've tried have managed to log anything near the correct data to the destination. I either get nothing or everything.
For one thing, it'd be nice to see the documentation updated to specify whether to use cidr or dot notation (/24 v.s. 255.255.255.0). Using cidr notation resulted in no apparent filtering. Using dot notation caused nothing to land in the file.
Is anybody else using this successfully that can share a working example? Am I missing something silly?
The netmask filter was contributed, but judging the source it expects dot notation and based on some basic tests here it works fine. -- Bazsi