[syslog-ng] netmask() filter
Balazs Scheidler
bazsi at balabit.hu
Thu Jul 14 10:13:59 CEST 2005
On Wed, 2005-07-13 at 16:07 -0400, Al Tobey wrote:
> I'm trying to use the netmask filter to create a separate logfile for
> all of our network devices (Cisco gear) logging to our central
> syslog-ng log sink. The interfaces doing the syslogging are all on
> specific subnets, so I'd like to filter on subnet rather than by
> hosts. Lo, and behold, syslog-ng has a netmask() filter. It
> doesn't appear to work, though, since none of the variations I've
> tried have managed to log anything near the correct data to the
> destination. I either get nothing or everything.
>
> For one thing, it'd be nice to see the documentation updated to
> specify whether to use cidr or dot notation (/24 v.s. 255.255.255.0).
> Using cidr notation resulted in no apparent filtering. Using dot
> notation caused nothing to land in the file.
>
> Is anybody else using this successfully that can share a working
> example? Am I missing something silly?
The netmask filter was contributed, but judging the source it expects
dot notation and based on some basic tests here it works fine.
--
Bazsi
More information about the syslog-ng
mailing list