[syslog-ng] Filter out host from netmask range
Ian Hasund
ian at hasund.us
Mon Mar 31 17:18:16 CEST 2014
Thanks. I discovered my issue when testing. I was using "host" and my server was sending as its hostname versus IP. As soon as I changed to "netmask", this worked.
Thanks for the quick feedback.
/Ian
-----Original Message-----
From: jrhendri at roadrunner.com [mailto:jrhendri at roadrunner.com]
Sent: Monday, March 31, 2014 10:54 AM
To: Syslog-ng users' and developers' mailing list
Cc: Ian Hasund
Subject: Re: [syslog-ng] Filter out host from netmask range
Should be able to use booleans here, Either in the filter or in the log statement:
either within the filter:
filter f_some_but_not_all {
netmask( "192.168.0.0/24") and
not ( (netmask("192.168.0.1/32") or
(netmask("192.168.0.11/32") );
};
or like this
filter f_home_net {
netmask("192.168.0.0/24");
};
filter f_home_exclusions {
not ( netmask("192.168.0.1/32") or
netmask("192.168.0.11/32") );
};
log {
source(s_network);
filter(f_home_net);
filter(f_home_exclusions);
destination(d_some_dest);
};
Jim
---- Ian Hasund <ian at hasund.us> wrote:
> I am trying to remove a specific set of hosts from a network range
> using filters.
>
> for example, I have the following:
>
> filter f_home_subnet {
> (
> netmask("192.168.0.0/24")
> );
> };
>
> I now want to exclude some specific hosts, let's say 192.168.0.10 and
> 192.168.0.20.
>
> My attempts of adding "not host" to the above doesn't seem to work.
>
> Any pointers / suggestions would be greatly appreciated.
>
> Thanks,
> Ian
>
> ______________________________________________________________________
> ________ Member info:
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
More information about the syslog-ng
mailing list