[syslog-ng] Quick filter question again
Gergely Nagy
algernon at balabit.hu
Thu Dec 22 17:18:16 CET 2011
"Lay, James" <james.lay at wincofoods.com> writes:
> Hope this is quick/easy. So I'm matching IP's that I don't want to
> see...filter below:
>
> message("66\.220\.")
>
> My issues is, this will match not only say 66.220.1.1, but also
> 166.220.1.1. I've tried changing to:
>
> message(" 66\.220\.")
>
> but that'd didn't fly. Any suggestions on how to more exactly match IP
> blocks? Thanks all.
If you want to match the sending IPs, netmask() is the way to
go.
Otherwise something like message("[^0-9]?66\.220\.") might
work. That should catch anything beginning with 66.220, and everything
else that has a non-number followed by this string.
--
|8]
More information about the syslog-ng
mailing list