[syslog-ng] problem with matching IP address and \d regex operand

Phil.Newlon at wendysarbys.com Phil.Newlon at wendysarbys.com
Fri Oct 30 17:02:08 CET 2009

Martin -

> in short, what do you need the Kiwi servers for?

The (8) Kiwi boxes terminate Kiwi Secure Tunnel connections from 1450
locations, where the 9000 devices reside.  I've thought about sending the
streams from the Kiwis directly to the Envision boxes, but I never know
which Kiwi the stream from location 1234 will come from so I will not know
which RSA it will end up in. (The F5s distribute the connections, the
originating systems reboot every night, who knows where the tunnel will end
up from one day to another.)  We cannot exceed 3500 individual devices on
the RSAs, so we have to be able to explicitly control the streams, thus
syslog-ng :-)

All I DO know is that the originating IP is always in the syslog message,
so if I can match on a characteristic that will evenly split the streams I
am good to go.



<span style="font-size:78%;"><span style="font-family:arial;"><strong>Notice:</strong> This e-mail message and its attachments are the property of Wendy's/Arby's Group Inc. </span>
<span style="font-family:arial;">or one of its subsidiaries and may contain confidential or legally privileged information intended</span>
<span style="font-family:arial;">solely for the use of the addressee(s). If you are not an intended recipient, then any use, copying or</span>
<span style="font-family:arial;">distribution of this message or its attachments is strictly prohibited. If you received this message in</span>
<span style="font-family:arial;">error, please notify the sender and delete this message entirely from your system.</span></span>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091030/7862d07e/attachment.htm 

More information about the syslog-ng mailing list