[syslog-ng] Filter out host from netmask range
jrhendri at roadrunner.com
jrhendri at roadrunner.com
Mon Mar 31 16:53:58 CEST 2014
Should be able to use booleans here, Either in the filter or in the log statement:
either within the filter:
filter f_some_but_not_all {
netmask( "192.168.0.0/24") and
not ( (netmask("192.168.0.1/32") or
(netmask("192.168.0.11/32") );
};
or like this
filter f_home_net {
netmask("192.168.0.0/24");
};
filter f_home_exclusions {
not ( netmask("192.168.0.1/32") or
netmask("192.168.0.11/32") );
};
log {
source(s_network);
filter(f_home_net);
filter(f_home_exclusions);
destination(d_some_dest);
};
Jim
---- Ian Hasund <ian at hasund.us> wrote:
> I am trying to remove a specific set of hosts from a network range using
> filters.
>
> for example, I have the following:
>
> filter f_home_subnet {
> (
> netmask("192.168.0.0/24")
> );
> };
>
> I now want to exclude some specific hosts, let's say 192.168.0.10 and
> 192.168.0.20.
>
> My attempts of adding "not host" to the above doesn't seem to work.
>
> Any pointers / suggestions would be greatly appreciated.
>
> Thanks,
> Ian
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
More information about the syslog-ng
mailing list