[syslog-ng] Quick filter question

Frank Collette FCollette at trustmark.com
Tue Nov 8 16:35:37 CET 2011


filter f_firewall {
        # Drop only messages from "firewall" that also contain a 169.254.x.x address
        not (
               program("firewall" flags(ignore-case)) and
               message("169\.254\.[0-9]+\.[0-9]+" value("MESSAGE"))
        );
};


Thanks,

Frank E. Collette IV
Technical Services
Systems Administrator II
Trustmark National Bank
Office: 601-208-7517
Fax: 601-208-6105
fcollette at trustmark.com



From:   "Lay, James" <james.lay at wincofoods.com>
To:     <syslog-ng at lists.balabit.hu>
Date:   11/08/2011 09:14 AM
Subject:        [syslog-ng] Quick filter question
Sent by:        syslog-ng-bounces at lists.balabit.hu



Hey all!
 
Real quick…trying to filter OUT firewall hits that have say…169.254.  Will 
this do the trick?
 
filter f_firewall {
        not program (firewall flags(ignore-case));
        and not message("169\.254\.[0-9]+\.[0-9]+");
};
 
Thanks all.
 
James
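
Added example (not part of either message): a Python model of the two filter expressions run over constructed log records, showing why the grouping of "not" matters for which firewall logs survive. It assumes the two lines in the question are read as one expression and models program() and message() as unanchored regex searches; the sample records and function names are made up here.

```python
import re

# Constructed sample records as (PROGRAM, MESSAGE); not taken from the thread.
SAMPLES = [
    ("firewall", "DROP IN=eth0 SRC=169.254.12.7 DST=10.0.0.5 PROTO=UDP"),
    ("Firewall", "DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP"),
    ("sshd", "Failed password for root from 198.51.100.4 port 2222"),
    ("dhclient", "No DHCPOFFERS received, using 169.254.33.1"),
]

# Stand-ins for program("firewall" flags(ignore-case)) and the message() regex.
PROGRAM_RE = re.compile(r"firewall", re.IGNORECASE)
LINK_LOCAL_RE = re.compile(r"169\.254\.[0-9]+\.[0-9]+")


def is_firewall(program):
    return bool(PROGRAM_RE.search(program))


def has_link_local(message):
    return bool(LINK_LOCAL_RE.search(message))


def filter_reply(program, message):
    """not (program and message): drops only firewall records with 169.254.x.x."""
    return not (is_firewall(program) and has_link_local(message))


def filter_question(program, message):
    """not program and not message: drops every firewall record and every
    record mentioning 169.254.x.x, whatever program produced it."""
    return (not is_firewall(program)) and (not has_link_local(message))


def kept(filter_fn):
    """Indexes of SAMPLES that pass the filter, i.e. would reach the destination."""
    return [i for i, (prog, msg) in enumerate(SAMPLES) if filter_fn(prog, msg)]


if __name__ == "__main__":
    for name, fn in (("reply", filter_reply), ("question", filter_question)):
        print(name, "keeps:", [SAMPLES[i][0] for i in kept(fn)])
```

With the question's form, the firewall record from 203.0.113.9 is discarded along with the link-local noise, so real firewall hits never reach the log destination.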


