Balazs Scheidler wrote:
On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
Ok. IMO counterintuitive, though reasonable with your explanation. One is very used to the 'source' in FW/router/...'s as being the source device(s) IP from where a packet came from.
syslog-ng is not a firewall :) this is sometimes strange to me as well, being involved in firewall products as well. But putting the joke aside, syslog-ng is a "syslog message pipe" processor: sources generate messages, destinations serve as message sinks. Some filtering here and there, that's about syslog-ng's internal structure.
So, naming source as a source is consistent with syslog-ng itself.
I think that the author of the original comment was referring to the IP address binding in the source definition

    source network { tcp( ip(xxxx) ); };

where the IP address is NOT the source at all, it is a local IP address to bind the listener to. Perhaps the syntax should be

    source network { tcp( bind(xxxx) ); };

since the bind address MUST be ip since the definition is already defined to be tcp. I think it is a little counterintuitive even within the scope of syslog-ng.

Evan.

An aside, can one do the 'Formatting' like my example above? Again, no examples show up like that, but I am hopeful.

To do that you need the netmask() filter.

Next time I'll go looking at the Blog at Gmane first before shooting my mouth off. netmask was just the hint I needed. Though it sure would be nice for netmask() to support the /xx bits netmask format.
It does support this format.
-- Evan Rempel erempel@uvic.ca Senior Programmer Analyst 250.721.7691 Computing Services University of Victoria
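
The distinction discussed in this thread, as an added syslog-ng configuration example that is not part of the original messages or the project's own documentation: ip() in a source sets the local listening address, while selection by sending host is done with the netmask() filter. All object names, addresses (documentation ranges) and the log file path are constructed placeholders.

```conf
# Constructed example: names, addresses and the file path are placeholders.

# ip() is the LOCAL address the TCP listener binds to.
# It does not restrict which hosts may send messages.
source s_network {
    tcp(ip(192.0.2.10) port(514));
};

# Selecting messages by the sender's address belongs in a filter.
# netmask() takes the network in /bits form ...
filter f_lan_bits {
    netmask("198.51.100.0/24");
};

# ... or with a dotted mask; both filters match the same senders.
filter f_lan_dotted {
    netmask("198.51.100.0/255.255.255.0");
};

destination d_lan {
    file("/var/log/lan.log");
};

# Only messages received on 192.0.2.10:514 from hosts in 198.51.100.0/24
# reach d_lan.
log {
    source(s_network);
    filter(f_lan_bits);
    destination(d_lan);
};
```

Because the filter only sorts messages after they are received, limiting which hosts can connect to the listener at all remains a job for the host firewall.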