[syslog-ng][PATCH] netmask-filter

[Gert Menke]

Hi!

> I like it and all that it is missing is
Thanks, but I don't see what those things have to do with my patch?

>     1)    A mechansim of proving delivery receipt - i.e. reliable delivery
> of syslog information
Hm, using tcp insted of udp could improve things a bit, but not every
syslogd supports that.

>     2)    A mechanism of watermarking or timestamping with a reliable time
> abse so that the records can stand up to evidentiary use model
> reqyuirements.
Yes, that could be useful. I heard about a program called multilog a few
days ago; IIRC it is able to do such things. (You would need to pipe your
syslog data to multilog via destination{program("multilog...");}; or so.)
Does anybody on this list know more about this?

BTW: Is it possible to customize the logfile format of syslog-ng?
I would like something like:
<local timestamp><source ip><host><sender's timestamp><message>

>     3)    A uniform Syslog Event Query Interface (XDAS or DOORS compliant
> would be nice too!).
Could you explain that a little more?

Greetings
Gert