[syslog-ng][PATCH] netmask-filter

todd glassey todd.glassey@worldnet.att.net
Sun, 20 Jan 2002 06:45:29 -0800


I like it and all that it is missing is

    1)    A mechanism of proving delivery receipt - i.e. reliable delivery
of syslog information

    2)    A mechanism of watermarking or timestamping with a reliable time
base so that the records can stand up to evidentiary use model
requirements.

    3)    A uniform Syslog Event Query Interface (XDAS or DOORS compliant
would be nice too!).

Todd

----- Original Message -----
From: "Gert Menke" <>
To: <syslog-ng@lists.balabit.hu>
Sent: Saturday, January 19, 2002 4:17 PM
Subject: [syslog-ng][PATCH] netmask-filter


> Hi everybody,
>
> I have implemented a new filter for syslog-ng.
> You can now filter log messages based on their sender's IP address like this:
>
>   # match a single host
>   filter f_noc21 { netmask("134.130.3.73"); };
>
>   # match a whole subnet
>   filter f_noc { netmask("134.130.3.0/255.255.255.0"); };
>
> I'll attach patches for syslog-ng versions 1.4.14 and 1.5.13.
>
> I have also made a small patch that fixes the behaviour of the emulated
> inet_aton function in utils.c. (It would not work with "255.255.255.255".)
> On some architectures you need this patch for my netmask-filter to work
> properly!
>
> Have fun and tell me what you think about it!
>
> Greetings
> Gert
>
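
The address/mask match that the `netmask("addr/mask")` syntax above describes, as an added example. It is not taken from Gert's patch or from syslog-ng. `parse_netmask` and `netmask_match` are hypothetical names. The example parses with `inet_pton`, which reports errors separately from the parsed value, so "255.255.255.255" is handled; whether the emulated `inet_aton` in utils.c failed for the reason noted in the comment is an assumption.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not syslog-ng code: split "a.b.c.d" or
 * "a.b.c.d/m.m.m.m" into a network-order address and mask.
 * Returns 0 on success, -1 on malformed input. */
static int parse_netmask(const char *spec, struct in_addr *addr,
                         struct in_addr *mask)
{
    char buf[64];
    char *slash;

    if (strlen(spec) >= sizeof(buf))
        return -1;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash)
        *slash++ = '\0';
    /* inet_pton signals failure through its return value. inet_addr()
     * returns INADDR_NONE on error, which is the same bit pattern as
     * 255.255.255.255, so a wrapper built on it cannot parse that address. */
    if (inet_pton(AF_INET, buf, addr) != 1)
        return -1;
    if (!slash)
        mask->s_addr = htonl(0xffffffffu);   /* no mask: single host */
    else if (inet_pton(AF_INET, slash, mask) != 1)
        return -1;
    return 0;
}

/* 1 = sender is inside spec, 0 = outside, -1 = spec or sender malformed.
 * The mask is applied to both sides, so host bits set in spec are ignored. */
int netmask_match(const char *spec, const char *sender)
{
    struct in_addr addr, mask, src;

    if (parse_netmask(spec, &addr, &mask) != 0 ||
        inet_pton(AF_INET, sender, &src) != 1)
        return -1;
    return (src.s_addr & mask.s_addr) == (addr.s_addr & mask.s_addr);
}

int main(void)
{
    /* Filter values from the post; sender addresses are constructed. */
    printf("%d\n", netmask_match("134.130.3.73", "134.130.3.73"));
    printf("%d\n", netmask_match("134.130.3.0/255.255.255.0", "134.130.4.1"));
    printf("%d\n", netmask_match("255.255.255.255", "255.255.255.255"));
    return 0;
}
```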