[syslog-ng]List of Valid Source Addresess

syslog-ng@lists.balabit.hu syslog-ng@lists.balabit.hu
Mon, 21 Jul 2003 11:59:20 -0400 


Bazsi,



I am interested in filtering based on the sender's IP address.  My
    preferred method would be to read a file containing the list of valid
    source IP addresses,

automagically generated by our management system.  The file could contain
    up to 6,000 entries.



Dan



syslog-ng-request@lists.balabit.hu@lists.balabit.hu on 18 Jul 2003 08:31

Please respond to syslog-ng@lists.balabit.hu

Sent by:    syslog-ng-admin@lists.balabit.hu




To:    syslog-ng@lists.balabit.hu


Message: 1
To: syslog-ng@lists.balabit.hu
From: Daniel.N.Sferas@us.hsbc.Com
Date: Thu, 10 Jul 2003 06:13:55 -0400
Subject: [syslog-ng]List of Valid Source Addresess
Reply-To: syslog-ng@lists.balabit.hu

Greetings,

 I would like to be able to validate that incoming syslog messages from the
network are from "Well known"  sources.  Is there a way for syslog-ng to
parse the source address against a flat file of IP addresses or patterns?
I hesitate to use a match string in the syslog-ng.conf file as the filter
would be very large.

 I am using 1.6.0rc3.

 Thanks in advance for any tips.

 Dan Sferas




************************************************************************
 This E-mail is confidential. It may also be legally privileged. If you
 are not the addressee you may not copy, forward, disclose or use any
 part of it. If you have received this message in error, please delete
 it and all copies from your system and notify the sender immediately
 by return E-mail.

 Internet communications cannot be guaranteed to be timely, secure,
 error or virus-free. The sender does not accept liability for any
 errors or omissions.
************************************************************************

--__--__--

Message: 2
Date: Thu, 10 Jul 2003 13:01:07 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]List of Valid Source Addresess
Reply-To: syslog-ng@lists.balabit.hu

On Thu, Jul 10, 2003 at 06:13:55AM -0400, Daniel.N.Sferas@us.hsbc.Com
wrote:
> Greetings,
>
>  I would like to be able to validate that incoming syslog messages from
the
> network are from "Well known"  sources.  Is there a way for syslog-ng to
> parse the source address against a flat file of IP addresses or patterns?
> I hesitate to use a match string in the syslog-ng.conf file as the filter
> would be very large.

do you want to filter based on sender IP address, or the hostname part?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C
8EB1






************************************************************************
 This E-mail is confidential. It may also be legally privileged. If you
 are not the addressee you may not copy, forward, disclose or use any
 part of it. If you have received this message in error, please delete
 it and all copies from your system and notify the sender immediately
 by return E-mail.

 Internet communications cannot be guaranteed to be timely, secure,
 error or virus-free. The sender does not accept liability for any
 errors or omissions.
************************************************************************