[syslog-ng]List of Valid Source Addresess

Richard E. Perlotto II syslog-ng@lists.balabit.hu
Mon, 21 Jul 2003 14:47:39 -0700 

Use TCP Wrappers.


Richard

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu =
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of =
Daniel.N.Sferas@us.hsbc.Com
Sent: Monday, July 21, 2003 8:59 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]List of Valid Source Addresess





Bazsi,



I am interested in filtering based on the sender's IP address.  My
    preferred method would be to read a file containing the list of =
valid
    source IP addresses,

automagically generated by our management system.  The file could =
contain
    up to 6,000 entries.



Dan



syslog-ng-request@lists.balabit.hu@lists.balabit.hu on 18 Jul 2003 08:31

Please respond to syslog-ng@lists.balabit.hu

Sent by:    syslog-ng-admin@lists.balabit.hu




To:    syslog-ng@lists.balabit.hu


Message: 1
To: syslog-ng@lists.balabit.hu
From: Daniel.N.Sferas@us.hsbc.Com
Date: Thu, 10 Jul 2003 06:13:55 -0400
Subject: [syslog-ng]List of Valid Source Addresess
Reply-To: syslog-ng@lists.balabit.hu

Greetings,

 I would like to be able to validate that incoming syslog messages from =
the network are from "Well known"  sources.  Is there a way
for syslog-ng to parse the source address against a flat file of IP =
addresses or patterns? I hesitate to use a match string in the
syslog-ng.conf file as the filter would be very large.

 I am using 1.6.0rc3.

 Thanks in advance for any tips.

 Dan Sferas




************************************************************************
 This E-mail is confidential. It may also be legally privileged. If you  =
are not the addressee you may not copy, forward, disclose
or use any  part of it. If you have received this message in error, =
please delete  it and all copies from your system and notify the
sender immediately  by return E-mail.

 Internet communications cannot be guaranteed to be timely, secure,  =
error or virus-free. The sender does not accept liability for
any  errors or omissions.
************************************************************************

--__--__--

Message: 2
Date: Thu, 10 Jul 2003 13:01:07 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]List of Valid Source Addresess
Reply-To: syslog-ng@lists.balabit.hu

On Thu, Jul 10, 2003 at 06:13:55AM -0400, Daniel.N.Sferas@us.hsbc.Com
wrote:
> Greetings,
>
>  I would like to be able to validate that incoming syslog messages=20
> from
the
> network are from "Well known"  sources.  Is there a way for syslog-ng=20
> to parse the source address against a flat file of IP addresses or=20
> patterns? I hesitate to use a match string in the syslog-ng.conf file=20
> as the filter would be very large.

do you want to filter based on sender IP address, or the hostname part?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C =
8EB1






************************************************************************
 This E-mail is confidential. It may also be legally privileged. If you  =
are not the addressee you may not copy, forward, disclose
or use any  part of it. If you have received this message in error, =
please delete  it and all copies from your system and notify the
sender immediately  by return E-mail.

 Internet communications cannot be guaranteed to be timely, secure,  =
error or virus-free. The sender does not accept liability for
any  errors or omissions.
************************************************************************
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu =
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html