[syslog-ng] Spock, Is my logic sound ?

Scot scotrn at gmail.com
Tue Feb 16 17:15:55 CET 2016


Not easily without sending some sensitive data.

I take it the rule set logic seems correct then?

This filter will remove data from both/either subnet from a message stream,
filter f_network { not netmask("192.168.238.0/24") and not netmask("192.168.239.0/24"); };

These rules work in the same concatenation way?
filter(f_network); filter(f_audit); filter(f_mcafee); destination(d_remote);


On Tue, Feb 16, 2016 at 9:28 AM, PÁSZTOR György <
pasztor at linux.gyakg.u-szeged.hu> wrote:

> Hi,
>
> "Scot" <scotrn at gmail.com> wrote at 2016-02-16 09:22:
> > I'm still getting stuff on nmsloghost that I think should be filtered out.
>
> Can you show us an example, which is forwarded to nmsloghost,
> but should be filtered out?
> A simple .pcap file, or "grep" or anything would be nice.
>
> Cheers,
> Gyu
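Added example, not part of the original thread and not syslog-ng code: a small Python model of the two things asked about above, the "not netmask(A) and not netmask(B)" filter and the AND behaviour of several filter() references in one log path. It also models the documented fact that netmask() tests the address of the host that delivered the message (the last hop), not the HOST field. The f_audit and f_mcafee bodies and all sample messages are constructed stand-ins, since their definitions are not shown in the thread.

```python
import ipaddress

# Subnets from the f_network filter in the message above.
EXCLUDED = [ipaddress.ip_network("192.168.238.0/24"),
            ipaddress.ip_network("192.168.239.0/24")]

def netmask(msg, net):
    """Model of syslog-ng netmask(): tests the address of the peer that
    delivered the message (last hop), not the HOST field inside it."""
    return ipaddress.ip_address(msg["sender_ip"]) in net

def f_network(msg):
    # not netmask(A) and not netmask(B)  ==  not (netmask(A) or netmask(B))
    return all(not netmask(msg, net) for net in EXCLUDED)

def f_network_or(msg):
    # Common mistake: "not A or not B" is true for every address,
    # because no address lies in both /24s at once.
    return any(not netmask(msg, net) for net in EXCLUDED)

def log_path(msg, filters):
    """filter(a); filter(b); ... in one log statement: every filter must
    match for the message to reach the destination (logical AND)."""
    return all(f(msg) for f in filters)

# Hypothetical stand-ins: the real f_audit / f_mcafee are not in the thread.
f_audit = lambda m: "audit" not in m["text"]
f_mcafee = lambda m: "McAfee" not in m["text"]

# Constructed sample messages.
SAMPLES = [
    {"sender_ip": "192.168.238.10", "host": "sw1", "text": "link up"},
    {"sender_ip": "192.168.239.77", "host": "sw2", "text": "link down"},
    {"sender_ip": "10.0.0.5", "host": "web1", "text": "login ok"},
    {"sender_ip": "10.0.0.5", "host": "web1", "text": "audit: exec"},
    # Originated on 192.168.238.20 but delivered by a relay at 10.0.0.9:
    {"sender_ip": "10.0.0.9", "host": "192.168.238.20", "text": "relayed"},
]

def forwarded(filters):
    """Texts of the sample messages that would reach the destination."""
    return [m["text"] for m in SAMPLES if log_path(m, filters)]

if __name__ == "__main__":
    print(forwarded([f_network, f_audit, f_mcafee]))
    print(forwarded([f_network_or, f_audit, f_mcafee]))
```

In this model the "and" form drops both subnets, but the relayed message still gets through because its last hop is outside them.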