Re: regex and priority(local7) question: msg#00008
syslog-ng
Subject: Re: regex and priority(local7) question
Ted,
Thank you for the reply, I'll give this a try.
Sincerely,
Christopher M Downs
Rule, Ted wrote:
This config snippet works for me .... my PIXies are set to log via TCP/1468
rather than UDP/514.
Real IP addresses replaced with fakes. As with your situation, I have other
network gear running on local7 as well. Syslog-ng's wonderful filtration
allows for a nice separation of all the classes of
switch/router/firewall/VPN-bricks.
Ted
......
source local {
    unix_stream("/dev/log" max-connections(200) keep-alive(yes));
    # UDP listeners for Internal syslog-ng interconnections
    udp(ip(127.0.0.1) port(514));
    udp(ip(1.2.3.4) port(514));
};

source pixtcp {
    tcp(ip(1.2.3.4) port(1468) max-connections(10) keep-alive(yes));
};

filter f_local7     { facility(local7) and level(debug..emerg); };
filter f_pixmsg     { match("%PIX"); };
filter f_misclocal7 { filter(f_local7) and not filter(f_pixmsg); };

destination d_local7 { file("/var/log/local7.debug" sync(0)); };
destination d_pixlog { file("/var/log/pixlog.debug" sync(0)); };

log { source(pixtcp); filter(f_local7); filter(f_pixmsg); destination(d_pixlog); };
log { source(local); filter(f_misclocal7); destination(d_local7); };
......
-----Original Message-----
From: syslog-ng-admin@xxxxxxxxxxxxxxxx [mailto:syslog-ng-admin@xxxxxxxxxxxxxxxx] On Behalf Of cdowns
Sent: Monday 01 March 2004 17:11
To: syslog-ng@xxxxxxxxxxxxxxxx
Subject: [syslog-ng]regex and priority(local7) question
Good Morning,
I'm new to the list and have a couple questions.
I have a PIX firewall logging on local7.info, how can I match this
correctly? I also have switches logging on local7.info but I need this
one pix removed and placed into its own destination.
Where can I get a list of the regex syntax used in syslog-ng? Like
perl / awk / grep etc.
Here is what I currently have:
------ Snip -------
## Regex
filter f_fw01 {
    host("x.x.x.x") and match("PIX");
};
filter f_fw02 {
    host("x.x.x.x") and match("PIX");
};
filter f_fw03 {
    host("x.x.x.x") and match("PIX");
};
filter f_fw04 {
    host("x.x.x.x") and match("PIX");
};
#!!! not working yet.. .
filter f_pix {
    facility(local7) and match("%PIX*");
};
filter f_iss {
    match("issDaemon");
};
filter f_snmp {
    match("ucd-snmp");
};
## everything else incoming
filter f_local7 { facility(local7); };
----- snip ------
TIA.
~!>D
_______________________________________________
syslog-ng maillist - syslog-ng@xxxxxxxxxxxxxxxx
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
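
Added example, not part of the thread and not syslog-ng code: a small Python model of the two log paths in the reply's config, run over constructed sample frames, to show which source/filter combination lands in which file. It assumes Python's `re` search as a stand-in for syslog-ng's match(); the sample lines, hostnames and addresses are constructed.

```python
import re

LOCAL7 = 23  # syslog facility code for local7
# Constructed sample frames (not from the thread). PRI = facility*8 + severity,
# so <190> is local7.info, <188> local7.warning, <189> local7.notice, <38> auth.info.
SAMPLES = [
    "<190>Mar 01 2004 17:11:02: %PIX-6-302013: Built outbound TCP connection 1",
    "<188>Mar 01 2004 17:11:05: %PIX-4-106023: Deny tcp src outside:192.0.2.99/4431",
    "<189>Mar  1 17:11:09 sw1 %LINK-5-CHANGED: Interface Fa0/1, changed state to up",
    "<38>Mar  1 17:11:12 host1 sshd[411]: Accepted publickey for alice",
]

def parse_pri(frame):
    """Split '<PRI>rest' into (facility, severity, rest)."""
    m = re.match(r"<(\d{1,3})>(.*)", frame, re.S)
    if not m or int(m.group(1)) > 191:
        return 1, 5, frame  # RFC 3164 default for a missing PRI: user.notice
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2)

def matches(pattern, text):
    """Unanchored regex search, standing in for syslog-ng's match()."""
    return re.search(pattern, text) is not None

def route(source, frame):
    """Destinations the two log{} paths in the reply would write this frame to."""
    facility, severity, msg = parse_pri(frame)
    f_local7 = facility == LOCAL7 and 0 <= severity <= 7  # level(debug..emerg)
    f_pixmsg = matches("%PIX", msg)                       # match("%PIX")
    dests = []
    if source == "pixtcp" and f_local7 and f_pixmsg:
        dests.append("d_pixlog")
    if source == "local" and f_local7 and not f_pixmsg:   # f_misclocal7
        dests.append("d_local7")
    return dests

if __name__ == "__main__":
    for src in ("pixtcp", "local"):
        for frame in SAMPLES:
            print(f"{src:7} {route(src, frame) or 'dropped'!s:14} {frame[:40]}")
    # A trailing * is a regex quantifier on the X, not a shell-style wildcard.
    print(matches("%PIX*", "%PIE"), matches("%PIX", "%PIE"))  # loose vs. exact
```

In this model a %PIX frame arriving on the UDP listeners of `source local` reaches neither file: f_misclocal7 excludes it and the d_pixlog path reads only from `pixtcp`.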