[syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
Evan Rempel
erempel at uvic.ca
Mon Feb 19 18:02:15 CET 2007
Balazs Scheidler wrote:
> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
>> Ok . IMO counter intuitive , Tho reasonable with your explanation .
>> One is very used to the 'source' in FW/router/...'s as being the source
>> device(s) IP from where a packet came from .
>
> syslog-ng is not a firewall :) this is sometimes strange to me as well,
> being involved in firewall products as well. But putting the joke aside,
> syslog-ng is a "syslog message pipe" processor: sources generate
> messages, destinations serve as message sinks. Some filtering here and
> there, that's about syslog-ng's internal structure.
>
> So, naming source as a source is consistent with syslog-ng itself.

I think that the author of the original comment was referring to the IP address binding
in the source definition

    source network { tcp( ip(xxxx) ); };

where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
Perhaps the syntax should be

    source network { tcp( bind(xxxx) ); };

since the bind address MUST be ip since the definition is already defined to be tcp.
I think it is a little counter intuitive even within the scope of syslog-ng.

Evan.

>
>> An aside , Can one do the 'Formatting' like my example above , again
>> no examples show up like that , but I am hopeful .
>>
>>
>>> To do that you need the netmask() filter.
>> Next time I'll go looking at the Blog at Gmane first before shooting my
>> mouth off . netmask was just the hint I needed .
>> Tho it sure would be nice for netmask() to support the /xx bits netmask
>> format .
>
> It does support this format.
>
--
Evan Rempel erempel at uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
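
The distinction discussed in this message, shown as a configuration sketch. This is an added example, not part of the original post or the syslog-ng documentation; the object names (s_net, f_lan, f_dmz, d_lan, d_dmz), file paths and addresses are constructed placeholders using documentation address ranges.

```conf
# Added example in syslog-ng 2.0-style syntax; every name, path and
# address below is a constructed placeholder.

# ip() is the LOCAL address the TCP listener binds to, not a sender address.
# Binding to one interface address rather than 0.0.0.0 limits where the
# listener is reachable; it does not select which senders are accepted.
source s_net { tcp( ip(192.0.2.10) port(514) ); };

# Selecting by sender is the job of the netmask() filter, which matches the
# address the message was received from. Prefix-length (/xx) form:
filter f_lan { netmask("198.51.100.0/24"); };

# Dotted-mask form, here for a second network:
filter f_dmz { netmask("203.0.113.0/255.255.255.0"); };

destination d_lan { file("/var/log/remote-lan.log"); };
destination d_dmz { file("/var/log/remote-dmz.log"); };

# Messages from senders matching neither filter reach no destination here.
log { source(s_net); filter(f_lan); destination(d_lan); };
log { source(s_net); filter(f_dmz); destination(d_dmz); };
```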