Hello All,
I was wondering which of the two formats below would you use when filtering using syslog-ng:
filter f_pix { match(PIX)
and not
match("1.2.3.4|1.2.3.4|1.2.3.4|1.2.3.4|netmask("1.2.3.4/28")|netmask("1.2.3.4/20")|netmask("1.2.3.4/22")|netmask("1.2.3.4/28")
")
};
or......
filter f_pix { match(PIX)
and not match(1.2.3.4)
and not match(1.2.3.4)
and not match(1.2.3.4)
and not match(1.2.3.4)
and not match(netmask("1.2.3.4/28"))
and not match(netmask("1.2.3.4/20"))
and not match(netmask("1.2.3.4/22"))
and not match(netmask("1.2.3.4/28"))
};
I am currently using the latter, but it seems as if the individual ips
and subnets would only be filtered if ALL is true. Would using "|", like
in the first format, check for each individual ip or subnet and filter
accordingly? When I say filter I mean, I would like everything except
for the individual IPs and subnets specified. I am not certain that
this is appropriate format for filtering subnets, please advise....
Thank You, in advance for your assistance!!!