[syslog-ng] Spock, Is my logic sound ?

Scheidler, Balázs balazs.scheidler at balabit.com
Tue Feb 16 22:02:43 CET 2016


On Feb 16, 2016 5:16 PM, "Scot" <scotrn at gmail.com> wrote:
>
> Not easily without sending some sensitive data.
>
> I take it the rule set logic seems correct then?
>
> This filter will remove data from both/either subnet from a message stream,
> filter f_network { not netmask("192.168.238.0/24") and not netmask("192.168.239.0/24"); };

Yup

>
> These rules work in the same concatenation way?
> filter(f_network); filter(f_audit); filter(f_mcafee); destination(d_remote);

Filters are ANDed together. So all filters must match.
>
>
> On Tue, Feb 16, 2016 at 9:28 AM, PÁSZTOR György <pasztor at linux.gyakg.u-szeged.hu> wrote:
>>
>> Hi,
>>
>> "Scot" <scotrn at gmail.com> wrote at 2016-02-16 09:22:
>> > I'm still getting stuff on nmsloghost that I think should be filtered out.
>>
>> Can you show us an example, which is forwarded to nmsloghost,
>> but should be filtered out?
>> A simple .pcap file, or "grep" or anything would be nice.
>>
>> Cheers,
>> Gyu
>>
>
>
>
>
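
Added example, not part of the original thread: a small Python model of the log path discussed above, showing that f_network drops senders in either subnet and that the chained filter() references are ANDed. The bodies of f_audit and f_mcafee are not shown in the thread, so the ones here, the program names and the sample messages are hypothetical.

```python
import ipaddress

# Subnets taken from the f_network filter quoted in the thread.
EXCLUDED = [ipaddress.ip_network("192.168.238.0/24"),
            ipaddress.ip_network("192.168.239.0/24")]

def netmask(msg, net):
    """Model of syslog-ng's netmask(): true when the sender address is in net."""
    return ipaddress.ip_address(msg["src"]) in net

def f_network(msg):
    # not netmask(A) and not netmask(B): passes only senders outside both subnets
    return all(not netmask(msg, n) for n in EXCLUDED)

# f_audit and f_mcafee are not shown in the thread; these bodies are
# hypothetical stand-ins (each drops messages from one program name).
def f_audit(msg):
    return msg["program"] != "audispd"

def f_mcafee(msg):
    return msg["program"] != "McAfeeVSEForLinux"

LOG_PATH = [f_network, f_audit, f_mcafee]

def forwarded(msg, path=LOG_PATH):
    """filter(a); filter(b); filter(c); in one log path means a AND b AND c."""
    return all(f(msg) for f in path)

def first_rejecting_filter(msg, path=LOG_PATH):
    """Name of the first filter that drops msg, or None if it reaches d_remote."""
    for f in path:
        if not f(msg):
            return f.__name__
    return None

# Constructed sample messages (sender address, program name).
SAMPLES = [
    {"src": "192.168.238.17", "program": "sshd"},
    {"src": "192.168.239.200", "program": "sshd"},
    {"src": "192.168.240.1", "program": "sshd"},
    {"src": "10.1.2.3", "program": "audispd"},
    {"src": "10.1.2.3", "program": "cron"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["src"], m["program"], first_rejecting_filter(m) or "-> d_remote")
```
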