[syslog-ng]syslog-ng and regex

Micha Holzmann syslog-ng@lists.balabit.hu
Mon, 24 Feb 2003 20:40:27 +0100


--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello Davind,

David Mallwitz wrote:
> Micha,
> 	Since you are using private IP addressing space, and you don't=20
> 	indicate that you have a DNS set up to resolve the xenia and kaliba name=
s=20
> it may be better for you to try something like:
>=20
> filter xenia { host("192.168.1.2"); };

sorry that i do not mention it. I am using djbdns as DNS Server.
The filter statement "filter f_xenia { match("xenia"); };" should
catch syslog messages like this:

Feb 24 15:57:08 xenia EoChn: IN=3Dppp0 OUT=3D MAC=3D SRC=3D217.126.110.12 \
 DST=3D217.227.156.180 LEN=3D46 TOS=3D0x00 PREC=3D0x00 TTL=3D115 ID=3D44191=
 \
 PROTO=3DUDP SPT=3D1260 DPT=3D4665 LEN=3D26=20

It was not intend to catch the host primary. Just match the string xenia
in the correspondig syslog message.

Is (from this point of view) my filter statement right?

Best regards,
Micha Holzmann

--=20
rm -rf;
remote mail; real fast.

--/04w6evG8XlLl3ft
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+WnUrZrmPvQ66gg8RAjhcAKCdE3932PhGjOgrpALj95IhwPLTnQCfY+yL
cupUblI6P2M33qngw7oLaxM=
=2EJ4
-----END PGP SIGNATURE-----

--/04w6evG8XlLl3ft--