[syslog-ng] Linux or OS fingerprint filter

Nagy, Gábor gabor.nagy at balabit.com
Thu Mar 29 08:57:31 UTC 2018


Hi,

You can try to use hostnames, but if the message does not have hostname
info, then you can't decide.
Without any additional information in the log message coming from the hosts
I don't know how to do it.
But for this you would need to control the message format of every host
that can send messages to your server...

Otherwise it would be easy using tags locally at the specific sources:
https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tagging-messages.html

Regards,
Gabor

On Wed, Mar 28, 2018 at 6:29 PM, Scot <scotrn at gmail.com> wrote:

>
> Pretty sure I know the answer but just maybe..
>
>
> Anyone have a solution for OS fingerprint type filters?
> Solaris, Linux vs Cisco for example.
>
> Immediate need is to pluck all Linux hosts from 514.
>
> Thanks!
> Scot
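The two approaches mentioned in the reply above (hostname filters, and tags set locally at a specific source), as an added syslog-ng configuration example that is not part of the original thread. The dedicated port 5514, the `lnx-` hostname convention, and all object names and file paths are assumptions made for illustration.

```conf
# Fragment to merge into an existing syslog-ng.conf.
# Names, ports, paths and the hostname pattern are constructed examples.

# Dedicated listener that only the Linux hosts are configured to send to.
# Every message received here is tagged at the source; the tag exists only
# inside this syslog-ng instance and is not part of the message on the wire.
source s_linux {
    network(transport("udp") port(5514) tags("linux"));
};

# Shared listener on 514: messages arrive with no OS information attached.
source s_net514 {
    network(transport("udp") port(514));
};

# Tag-based filter: true only for messages that entered through s_linux.
filter f_linux_tag { tags("linux"); };

# Hostname-based filter for the shared port. It depends on the sender
# putting a hostname in the message and on a naming convention (assumed
# here: Linux hosts are named lnx-<something>). Messages without a usable
# hostname cannot be classified this way.
filter f_linux_host { host("^lnx-[a-z0-9-]+$"); };

destination d_linux { file("/var/log/remote/linux.log"); };
destination d_other { file("/var/log/remote/other.log"); };

# Tagged Linux traffic from the dedicated listener.
log { source(s_linux); filter(f_linux_tag); destination(d_linux); };

# Linux traffic picked out of port 514 by hostname; flags(final) stops
# these messages from also reaching the catch-all path below.
log {
    source(s_net514); filter(f_linux_host); destination(d_linux);
    flags(final);
};

# Everything else that arrived on 514.
log { source(s_net514); destination(d_other); };
```

The hostname in a UDP syslog message is supplied by the sender, so the `host()` path sorts messages by claimed name only; the tag path depends on which listener the message arrived on.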