15 Feb
2009
15 Feb
'09
7:40 p.m.
Hi, On Sun, Feb 15, 2009 at 4:31 AM, Balazs Scheidler <bazsi@balabit.hu> wrote:
I'll see what I can do about this. What about the following idea: * make it possible to mark sources with tags * create a filter that matches tags
Then you could do something like:
source s_udp { udp(); tags(net); }; source s_tcp { tcp(); tags(net); };
filter f_net_messages { tags(net); };
log { flags(catch-all); filter(f_net_messages); destination(...); };
I'd have to work on the syntax a bit more, but I hope the general idea is visible.
Ah, interesting. Yes, I think this would work just fine. Joe