[syslog-ng]Sort/filter logs on source IP address

Amodiovalerio Verde syslog-ng@lists.balabit.hu
Wed, 15 Oct 2003 21:19:04 +0200


define two filters that way:

filter webfarm { netmask("128.128.1.0/24");};
filter webfarm2 { netmask("128.128.2.0/24");};

and send them to different destinations

just remember that netmask will always (afaik) match against the source ip
(i.e. if you have a forwarder it will be THAT ip)


Amodiovalerio [Hypo] Verde
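A complete configuration built around the two filters above, added here as an illustration and not taken from the list post or from the syslog-ng project. The UDP source definition, the directory layout under /var/log and the catch-all filter for senders outside both ranges are assumptions:

```conf
# Added example (not from the list post): syslog-ng.conf fragment that routes
# incoming UDP syslog by the sender's network, as the reply suggests.
# The source, directory layout and catch-all filter are assumptions.

options {
    use_dns(no);          # netmask() works on the packet's source address, no lookups needed
    keep_hostname(yes);   # keep the hostname carried in the message for $HOST
    create_dirs(yes);     # let syslog-ng create the per-network directories
};

# One UDP listener on the standard syslog port (assumed; adjust to the host's address).
source s_udp { udp(ip("0.0.0.0") port(514)); };

# netmask() compares the sender's IP address with the given network, so a new
# client in either range is routed without a per-host list to maintain.
filter f_networkA { netmask("128.128.1.0/24"); };
filter f_networkB { netmask("128.128.2.0/24"); };

# Senders outside both ranges are kept rather than silently dropped.
filter f_other { not netmask("128.128.1.0/24") and not netmask("128.128.2.0/24"); };

destination d_networkA { file("/var/log/NetworkA/$HOST/messages"); };
destination d_networkB { file("/var/log/NetworkB/$HOST/messages"); };
destination d_other    { file("/var/log/Unassigned/$HOST/messages"); };

log { source(s_udp); filter(f_networkA); destination(d_networkA); };
log { source(s_udp); filter(f_networkB); destination(d_networkB); };
log { source(s_udp); filter(f_other);    destination(d_other); };
```

Check the file with `syslog-ng -s -f <path to this config>` before reloading. The reply's caveat carries over: messages arriving through a relay all land under the relay's network directory, although `$HOST` still comes from the message header, so per-host files stay separable inside it. Since the source address of a UDP datagram is not authenticated, this sorts logs by where they appear to come from; it is a routing aid, not a control on who may log.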

----- Original Message -----
From: "Wayne Sweatt" <sweatt@lanl.gov>
To: <syslog-ng@lists.balabit.hu>
Sent: Wednesday, October 15, 2003 8:11 PM
Subject: [syslog-ng]Sort/filter logs on source IP address


I've asked this question before in a slightly different manner (Can I run
multiple instances of Syslog-NG - One for Mac OS X, one for other UNIX...),
but still have not gotten a satisfactory answer to that one, so.. I thought I'd
ask a similar question and hope for a more definitive answer:

Is there a way to filter or regexp match an incoming UDP log by IP Address
so that logging clients from certain networks go to certain log
directories/destinations ?
For example, I want to log everything from 128.128.1.0 in /var/log/NetworkA,
and log everything from 128.128.2.0 in /var/log/NetworkB/.
I know host() will operate on hostname, but I don't want to have to maintain
a list of hosts to match against - I want it to be dynamic, so when a new
client is added, it can log automatically to the appropriate directory.
Syslog-ng has the source IP with each log, so this shouldn't be a problem,
right?

I am using the latest version of syslog-ng, and UDP as the protocol.
Reminder: I do not want to know about TCP Wrappers, I don't want to block
IPs, just direct logs from certain IP subnets to certain
directories/file-systems.
 Wayne Sweatt
 Sr. UNIX System Administrator
 Comforce Technical Services
 LANL SCC Team



_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html