[syslog-ng] Filter out host from netmask range

jrhendri at roadrunner.com jrhendri at roadrunner.com
Mon Mar 31 17:24:10 CEST 2014 

cool.

  personally I like netmask since I have seen far too many broken syslog formats that mess with the HOST macros (although I have been told that parsing speed should be about the same either way)




---- Ian Hasund <ian at hasund.us> wrote: 
> Thanks.  I discovered my issue when testing.  I was using "host" and my server was sending as its hostname versus IP.  As soon as I changed to "netmask", this worked.
> 
> Thanks for the quick feedback.
> 
> /Ian
> 
> -----Original Message-----
> From: jrhendri at roadrunner.com [mailto:jrhendri at roadrunner.com] 
> Sent: Monday, March 31, 2014 10:54 AM
> To: Syslog-ng users' and developers' mailing list
> Cc: Ian Hasund
> Subject: Re: [syslog-ng] Filter out host from netmask range
> 
> Should be able to use booleans here, Either in the filter or in the log statement:
> 
> either within the filter:
> filter f_some_but_not_all {
>   netmask( "192.168.0.0/24") and
>   not ( (netmask("192.168.0.1/32") or
>         (netmask("192.168.0.11/32") );
> };
> 
> or like this
> filter f_home_net {
>   netmask("192.168.0.0/24");
> };
> 
> filter f_home_exclusions {
>    not ( netmask("192.168.0.1/32") or
>    netmask("192.168.0.11/32") );
> };
> 
> log {
>   source(s_network);
>   filter(f_home_net);
>   filter(f_home_exclusions);
>   destination(d_some_dest);
> };
> 
> Jim
> 
> ---- Ian Hasund <ian at hasund.us> wrote: 
> > I am trying to remove a specific set of hosts from a network range 
> > using filters.
> > 
> > for example, I have the following:
> > 
> > filter f_home_subnet {
> > 	(
> > 		netmask("192.168.0.0/24")
> > 	);
> > };
> > 
> > I now want to exclude some specific hosts, let's say 192.168.0.10 and 
> > 192.168.0.20.
> > 
> > My attempts of adding "not host" to the above doesn't seem to work.
> > 
> > Any pointers / suggestions would be greatly appreciated.
> > 
> > Thanks,
> > Ian
> > 
> > ______________________________________________________________________
> > ________ Member info: 
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: 
> > http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> > 
> 
>

More information about the syslog-ng mailing list