[syslog-ng] Newbie Looking for Help
Brian Candler
B.Candler at pobox.com
Fri May 12 12:49:00 CEST 2006
On Thu, May 11, 2006 at 06:54:16PM -0400, Mark R. White wrote:
> I want to setup a syslog-ng server to do syslogging for my network. So far
> it's easy, the part I'm having trouble with, and I'm not even sure if it's
> possible, is I want to log by device to it's own individual syslog file.
If "by device" you mean "by source IP address of the syslog packet", then
you need the netmask() filter.
netmask("10.1.2.3"); -- match from this IP only
netmask("10.1.0.0/255.255.0.0"); -- match from this netblock
Note that the current released syslog-ng has a bug where conditions like
"not netmask(...)" are broken, they are treated as "netmask(...)"
HTH,
Brian.
More information about the syslog-ng
mailing list