[syslog-ng] Ip filtering
Chris Bland
chris at fdu.edu
Thu Feb 12 21:33:03 CET 2009
Hi guys,
I am having a problem filtering based on IP address. My predecessor had
a config file with over 240 hosts. I just upgraded to 2.0.10-1 and
started getting YACC overflow stack errors. I condensed the config
file by using regex. If I stop using DNS everything works fine.
What I am trying to do is filter based on IP address and have each log
stored in a directory with the server's DNS name.
My config looks like this:

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    keep_hostname (yes);
    use_dns (yes);
    use_fqdn (no);
    create_dirs (no);
};

destination servers {
    file("/var/log/syslog-ng/hosts/$HOST_FROM/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"
         owner(root) group(staff) perm(0650)
         dir_perm(0750) create_dirs(yes)); };
destination teaneck {
    file("/var/log/syslog-ng/network/TEANECK/$HOST_FROM/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"
         owner(root) group(staff) perm(0650)
         dir_perm(0750) create_dirs(yes)); };
destination dslswitches {
    file("/var/log/syslog-ng/network/TEANECK/Dslswitches/$HOST_FROM/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"
         owner(root) group(staff) perm(0650)
         dir_perm(0750) create_dirs(yes)); };

filter f_teaneck { netmask("132.238.11.0/24"); };
filter f_usas { host("132.238.(7|8).*$"); };
filter f_dslswitches { host("132.238.21.40"); };

log { source(s_network); filter(f_usas);
      destination(servers); };
log { source(s_network); filter(f_teaneck);
      destination(teaneck); };
log { source(s_network); filter(f_dslswitches);
      destination(dslswitches); };

The netmask filters work but my host filters don't.
-Chris
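
The configuration above with its two host() filters rewritten as address-based netmask() filters, as an added example that is not part of the original post. It assumes that host() compares its regex with the hostname field of the message (a name, not an address, once use_dns(yes) and keep_hostname(yes) apply), while netmask() compares the sender's IP address; the 132.238.7.x and 132.238.8.x ranges are the assumed intent of the posted regex.

```conf
# Added example, not from the original post.
# Assumption: host() is evaluated against the hostname field of the message,
# netmask() against the IP address the message was received from.

# As posted: an IP-address pattern applied to a field that holds a name
# when use_dns(yes) is set, so it never matches.
# filter f_usas        { host("132.238.(7|8).*$"); };
# filter f_dslswitches { host("132.238.21.40"); };

# Address-based form. Matching on the sender's address also avoids trusting
# the hostname carried inside the message, which keep_hostname(yes) preserves
# as the sender wrote it.
filter f_teaneck     { netmask("132.238.11.0/24"); };
filter f_usas        { netmask("132.238.7.0/24") or netmask("132.238.8.0/24"); };
filter f_dslswitches { netmask("132.238.21.40/32"); };

# Log paths unchanged from the post: $HOST_FROM in each destination still
# produces one directory per server, named by DNS, while the routing decision
# is made on the address.
log { source(s_network); filter(f_usas);
      destination(servers); };
log { source(s_network); filter(f_teaneck);
      destination(teaneck); };
log { source(s_network); filter(f_dslswitches);
      destination(dslswitches); };
```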