Use TCP Wrappers. Richard -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Daniel.N.Sferas@us.hsbc.Com Sent: Monday, July 21, 2003 8:59 AM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]List of Valid Source Addresess Bazsi, I am interested in filtering based on the sender's IP address. My preferred method would be to read a file containing the list of valid source IP addresses, automagically generated by our management system. The file could contain up to 6,000 entries. Dan syslog-ng-request@lists.balabit.hu@lists.balabit.hu on 18 Jul 2003 08:31 Please respond to syslog-ng@lists.balabit.hu Sent by: syslog-ng-admin@lists.balabit.hu To: syslog-ng@lists.balabit.hu Message: 1 To: syslog-ng@lists.balabit.hu From: Daniel.N.Sferas@us.hsbc.Com Date: Thu, 10 Jul 2003 06:13:55 -0400 Subject: [syslog-ng]List of Valid Source Addresess Reply-To: syslog-ng@lists.balabit.hu Greetings, I would like to be able to validate that incoming syslog messages from the network are from "Well known" sources. Is there a way for syslog-ng to parse the source address against a flat file of IP addresses or patterns? I hesitate to use a match string in the syslog-ng.conf file as the filter would be very large. I am using 1.6.0rc3. Thanks in advance for any tips. Dan Sferas ************************************************************************ This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ************************************************************************ --__--__-- Message: 2 Date: Thu, 10 Jul 2003 13:01:07 +0200 From: Balazs Scheidler <bazsi@balabit.hu> To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]List of Valid Source Addresess Reply-To: syslog-ng@lists.balabit.hu On Thu, Jul 10, 2003 at 06:13:55AM -0400, Daniel.N.Sferas@us.hsbc.Com wrote:

Greetings,

I would like to be able to validate that incoming syslog messages from the network are from "Well known" sources. Is there a way for syslog-ng to parse the source address against a flat file of IP addresses or patterns? I hesitate to use a match string in the syslog-ng.conf file as the filter would be very large.

do you want to filter based on sender IP address, or the hostname part? -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 ************************************************************************ This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ************************************************************************ _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html