[rsyslog] Filtering on a group of IP's
Ray Van Dolson
rvandolson at esri.com
Sat Mar 14 00:18:14 CET 2009
I'm trying to shunt a bunch of logs from a group of IPs (about 10 IPs
or so) to a fifo.

Is the best way to do this with a property filter like the following?

    $template SplunkPipe,"|/logs/splunk/splunk.fifo"
    :fromhost-ip, isequal, "10.1.5.3"
    *.* -?SplunkPipe

And how would I easily specify many 10 IPs? I'm thinking it would be
slick to be able to find a "netgroup" that has the member IPs I want
then just have my selector match against that netgroup. Is that sort
of magic possible?

Unfortunately I'm using rsyslog with RHEL5 which is only v2.0.6.

Examples appreciated. :)

Ray