[syslog-ng] Regex Solaris from Linux hosts in Syslog-ng config file
pasztor at linux.gyakg.u-szeged.hu
Sun Nov 1 19:55:21 CET 2015
"Jakub Jankowski" <shasta at toxcorp.com> wrote on 2015-11-01 at 11:57:
> Well, how is this any better than specifying client's IP
> addresses/hostnames in syslog-ng.conf?
Which one are you thinking of?
The more source port idea, or the ipset one?
> Let me suggest another idea: if Vijay has control over client's
> hostname, you could devise a simple host naming scheme, where you encode
> some metadata in client's hostname, for example: you could name all
> Solaris clients with a hostname that starts with "s", and all Linux
> clients with a hostname that starts with "l", then it's dead easy to
> match that in syslog-ng configuration. Downside is that it is painful to
I do not like assumptions.
But I think, if the root of Vijay's problem is that there was bad planning of
their network's structure, or no planning at all, then this idea
will not help either.
However, hostnames can be "overridden" with a local hosts file, which is only
used by syslog-ng.
> introduce. But you could use a mixed approach, where all the existing
> clients keep their hostnames (and you put them explicitly in the
> filter), and all the new ones get named with this naming scheme.
However, if we stay with this idea that we want to distinguish the hosts by
their names / IP, I would still insist on the distinction by IP.
With good organization they could be grouped well, so a minimal number of
netmask() filters would fit well.
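
The two grouping approaches discussed in this thread, side by side, as an added example that is not part of the original message: netmask() filters per subnet, and host() filters for the prefix naming scheme, with names taken from a hosts-format file read only by syslog-ng. It is a fragment for an existing syslog-ng.conf; all subnets, ports, paths, host names and object names are constructed placeholders.

```conf
# Added example, not from the thread. Every address, path and name is constructed.

options {
    # Take sender names only from a static hosts-format file, never live DNS,
    # so ${HOST} reflects the receiver's own IP-to-name mapping.
    use-dns(persist_only);
    dns-cache-hosts("/etc/syslog-ng/hosts");   # assumed path, read only by syslog-ng
    # Do not trust the hostname the client wrote into the message itself.
    keep-hostname(no);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# Approach 1: group by sender address. With a planned address layout,
# one netmask() per platform is enough.
filter f_solaris_ip { netmask("192.0.2.0/25"); };
filter f_linux_ip   { netmask("192.0.2.128/25"); };

# Approach 2: group by naming scheme ("s..." = Solaris, "l..." = Linux).
# Existing hosts that keep their old names are listed explicitly (the mixed
# approach). An old name that happens to start with "s" or "l" would land
# in the wrong group, so check the explicit list against the prefixes.
filter f_solaris_name { host("^s") or host("^oldsun01$"); };
filter f_linux_name   { host("^l") or host("^web01$"); };

destination d_solaris { file("/var/log/remote/solaris/${HOST}.log"); };
destination d_linux   { file("/var/log/remote/linux/${HOST}.log"); };

# Routing by IP. The host() filters only give the same result when the
# hosts file above maps every sender address to a name following the scheme.
log { source(s_net); filter(f_solaris_ip); destination(d_solaris); };
log { source(s_net); filter(f_linux_ip);   destination(d_linux); };
```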