[syslog-ng]Filter question.

[Balazs Scheidler]

On Mon, Apr 28, 2003 at 11:01:02PM -0400, Jay Davis wrote:
> If I set up a filter to allow messages from a wide spectrum of systems.
> (whole subnets) can I block a particular host that is a potential flood
> device. i.e. allow 10.1.20.* but block 10.1.20.36?

you can use the netmask() filter like this:

filter f_ip { netmask("10.1.20.0/24") and not netmask("10.1.20.36"); };

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1