[syslog-ng] netmask

Antonio Brown abrown5 at gmail.com
Wed Dec 14 22:13:28 CET 2005


Hello All,

I was wondering which of the two formats below you would use when filtering
using syslog-ng:

filter f_pix          { match(PIX) and not match("1.2.3.4|1.2.3.4|1.2.3.4|1.2.3.4|netmask("1.2.3.4/28")|netmask("1.2.3.4/20")|netmask("1.2.3.4/22")|netmask("1.2.3.4/28")")
     };

or......

filter f_pix          { match(PIX)
              and not match(1.2.3.4)
                        and not match(1.2.3.4)
                        and not match(1.2.3.4)
                        and not match(1.2.3.4)
                        and not match(netmask("1.2.3.4/28"))
                        and not match(netmask("1.2.3.4/20"))
                        and not match(netmask("1.2.3.4/22"))
                        and not match(netmask("1.2.3.4/28"))
     };

I am currently using the latter, but it seems as if the individual IPs and
subnets would only be filtered if ALL is true. Would using "|", like
in the first format, check for each individual IP or subnet and filter
accordingly? When I say filter, I mean I would like everything except for
the individual IPs and subnets specified. I am not certain that this is
the appropriate format for filtering subnets, please advise....

Thank you in advance for your assistance!!!
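
The boolean structure the question turns on, as an added example (not part of the original post and not syslog-ng code): a Python model comparing a chain of "and not X" terms with a single "not (X or Y or ...)" group over the same exclusion list. The addresses are constructed documentation ranges standing in for the post's placeholder values, and the model assumes each exclusion is an independent test against the sender's address, which is how syslog-ng's netmask() filter function works when used on its own rather than inside a match() pattern.

```python
import ipaddress

# Constructed exclusion list (documentation ranges), standing in for the
# post's placeholder "1.2.3.4" hosts and "1.2.3.4/NN" subnets.
EXCLUDED_HOSTS = ["203.0.113.7", "203.0.113.9"]
EXCLUDED_NETS = ["192.0.2.4/28", "198.51.100.0/24"]

# Constructed sender addresses to run through both filter shapes.
SAMPLES = ["203.0.113.7", "203.0.113.8", "192.0.2.5", "192.0.2.16",
           "198.51.100.200", "198.51.101.1"]


def exclusion_hits(sender):
    """One boolean per exclusion: True where `sender` matches it."""
    addr = ipaddress.ip_address(sender)
    hits = [addr == ipaddress.ip_address(h) for h in EXCLUDED_HOSTS]
    # strict=False accepts a host address with a prefix ("192.0.2.4/28"),
    # the same shape as the post's "1.2.3.4/28"; it is read as 192.0.2.0/28.
    hits += [addr in ipaddress.ip_network(n, strict=False)
             for n in EXCLUDED_NETS]
    return hits


def keep_chained(is_pix, sender):
    """Second form: PIX and not A and not B and not C ..."""
    return is_pix and all(not hit for hit in exclusion_hits(sender))


def keep_grouped(is_pix, sender):
    """Intent of the first form: PIX and not (A or B or C ...)."""
    return is_pix and not any(exclusion_hits(sender))


def compare():
    """(sender, chained result, grouped result) for every sample."""
    return [(s, keep_chained(True, s), keep_grouped(True, s))
            for s in SAMPLES]


if __name__ == "__main__":
    for sender, chained, grouped in compare():
        verdict = "keep" if chained else "drop"
        print(f"{sender:16} chained={chained!s:5} grouped={grouped!s:5} {verdict}")
```

By De Morgan's law the two shapes always agree: a message is dropped as soon as any single exclusion matches, not only when all of them do.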