[syslog-ng] Quick filter question again
Lay, James
james.lay at wincofoods.com
Thu Dec 22 17:20:35 CET 2011
> > My issues is, this will match not only say 66.220.1.1, but also
> > 166.220.1.1. I've tried changing to:
> >
> > message(" 66\.220\.")
> >
> > but that'd didn't fly. Any suggestions on how to more exactly match
IP
> > blocks? Thanks all.
>
> If you want to match the sending IPs, netmask() is the way to
> go.
>
> Otherwise something like message("[^0-9]?66\.220\.") might
> work. That should catch anything beginning with 66.220, and everything
> else that has a non-number followed by this string.
Excellent...I will give that a go. Netmask() would be nice, but alas,
I'm matching IP's within the message content, not a sending IP. Thanks
for the quick response and information.
James
More information about the syslog-ng
mailing list