Match host with IP address when using use_dns?
Couldn't seem to find an answer to this in the documentation. Is it possible to the have the use_dns(yes) option enabled but match hosts based on their IP address? I want to be able to write files as their FQDN but fo the REGEX matching based on the IP address. I can get this to work when I disable the use_dns(yes) option but then the files are the IP. I don't want to match based on hostnames. example: destination net_host_all { file("/tmp/$HOST"); }; filter f_hosts_all { host("^10\.201\.140\.*") or host("^10\.201\.150\.*") or host("^192\.168\.0\.[0-3][0-9]"); }; log { source(net); filter(f_hosts_all); destination(net_host_all); flags(final); }; While I'm hear might as well kill two birds with one stone. Can someone give ma a real life example of the practical use of using the fallback option? I must be inept because I can't see a valid reason to have it that the final/catchall statement couldn't do (with proper logical placements of the log statements in the configuration). MPR. -- "I am kind of a paranoiac in reverse. I suspect people of plotting to make me happy." - J.D. Salinger
On Thu, May 08, 2003 at 02:54:21PM -0400, Marco P. Rodrigues wrote:
Couldn't seem to find an answer to this in the documentation.
Is it possible to the have the use_dns(yes) option enabled but match hosts based on their IP address? I want to be able to write files as their FQDN but fo the REGEX matching based on the IP address. I can get this to work when I disable the use_dns(yes) option but then the files are the IP. I don't want to match based on hostnames.
example:
destination net_host_all { file("/tmp/$HOST"); }; filter f_hosts_all { host("^10\.201\.140\.*") or host("^10\.201\.150\.*") or host("^192\.168\.0\.[0-3][0-9]"); };
use netmask("ip/mask"); -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
Marco P. Rodrigues