[syslog-ng] Regex Solaris from Linux hosts in Syslog-ng config file

PÁSZTOR György pasztor at linux.gyakg.u-szeged.hu
Sun Nov 1 19:55:21 CET 2015


"Jakub Jankowski" <shasta at toxcorp.com> wrote on 2015-11-01 at 11:57:
> Well, how is this any better than specifying client's IP 
> addresses/hostnames in syslog-ng.conf?

Which one are you thinking of?
The idea with more source ports, or the ipset one?

> Let me suggest another idea: if Vijay has control over client's 
> hostname, you could devise a simple host naming scheme, where you encode 
> some metadata in client's hostname, for example: you could name all 
> Solaris clients with a hostname that starts with "s", and all Linux 
> clients with a hostname that starts with "l", then it's dead easy to 
> match that in syslog-ng configuration. Downside is that it is painful to 

I do not like assumptions.
But I think, if the root of Vijay's problem is that there was bad planning of
their network's structure, or there was no planning at all, then this idea
will not help either.
However, hostnames can be "overridden" with a local hosts file, which is only
used by syslog-ng.

> introduce. But you could use a mixed approach, where all the existing 
> clients keep their hostnames (and you put them explicitly in the 
> filter), and all the new ones get named with this naming scheme.

However, if we keep to this idea, that we want to distinguish the hosts by
their names / IP, I would still insist on the distinction by IP.
With good organization they could be grouped well, so a minimal number of
netmask() filters would fit well.
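
Added example, not part of the original message and not the poster's own configuration: a syslog-ng configuration fragment sketching the netmask() grouping and the syslog-ng-only hosts file discussed above. The subnets, file paths and the names s_net, f_solaris, f_linux, d_solaris and d_linux are assumptions.

```conf
# Fragment to merge into an existing syslog-ng.conf.
# Assumed layout (constructed): Solaris hosts in 10.10.1.0/24, Linux hosts in 10.10.2.0/24.

options {
    # Ignore the hostname the client writes into the message;
    # syslog-ng sets HOST from the sender's address instead.
    keep-hostname(no);
    # Resolve names only from the static file below, never from live DNS.
    use-dns(persist_only);
    # hosts(5)-format file read only by syslog-ng (assumed path).
    dns-cache-hosts("/etc/syslog-ng/hosts");
};

source s_net {
    # Over UDP the source address can be forged; use transport("tcp")
    # or TLS where the sender's identity matters.
    network(transport("udp") port(514));
};

# netmask() matches the sender's IP address, not a field the client controls.
filter f_solaris { netmask("10.10.1.0/24"); };
filter f_linux   { netmask("10.10.2.0/24"); };

# Naming-scheme variant from the quoted suggestion ("s" prefix for Solaris).
# Only meaningful because HOST is derived by the receiver (keep-hostname(no)).
filter f_solaris_by_name { host("^s"); };

destination d_solaris {
    file("/var/log/remote/solaris/${HOST}.log" create-dirs(yes));
};
destination d_linux {
    file("/var/log/remote/linux/${HOST}.log" create-dirs(yes));
};

log { source(s_net); filter(f_solaris); destination(d_solaris); };
log { source(s_net); filter(f_linux);   destination(d_linux); };
```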


