[syslog-ng]Sort/filter logs on source IP address

Wayne Sweatt syslog-ng@lists.balabit.hu
Wed, 15 Oct 2003 12:11:53 -0600


I've asked this question before in a slightly different manner (Can I run
multiple instances of Syslog-NG - One for Mac OS X, one for other UNIX...),
but still do not have a satisfactory answer to that one, so I thought I'd
ask a similar question and hope for a more definitive answer:

Is there a way to filter or regexp match an incoming UDP log by IP address
so that logging clients from certain networks go to certain log
directories/destinations?
For example, I want to log everything from 128.128.1.0 in /var/log/NetworkA,
and log everything from 128.128.2.0 in /var/log/NetworkB/.
I know host() will operate on hostname, but I don't want to have to maintain
a list of hosts to match against - I want it to be dynamic, so when a new
client is added, it can log automatically to the appropriate directory.
Syslog-ng has the source IP with each log, so this shouldn't be a problem,
right?

I am using the latest version of syslog-ng, and UDP as the protocol.
Reminder: I do not want to know about TCP Wrappers, I don't want to block
IPs, just direct logs from certain IP subnets to certain
directories/file-systems.





 Wayne Sweatt
 Sr. UNIX System Administrator
 Comforce Technical Services
 LANL SCC Team