[rsyslog-notify] Forum Thread: can you use regex to filter fromhost-ip? - (Mode 'post')
noreply at adiscon.com
Wed Jan 28 17:10:50 CET 2015
User: mwk at umn.edu
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25206#p25206
Message:
----------
I have two different clustered systems sharing the same VLAN. The nodes do
not have unique FQDNs (their FQDNs are their ip address.our.domain.)
There's a large one and a small one. Large is prod, small is test. Large
has all the IP addresses from 192.168.206.0 - 202. Small has
192.168.206.238-249. I'm using if $fromhost-ip startswith '192.168.206.'
for most things because the small system is a test system. For the most
part I didn't care if its logging activity polluted prod's logging since
it had very little traffic.
But now I'm changing logging levels in test in preparation for file system
auditing and the amount of messages from the test system has jumped 100-fold,
so I finally got around to figuring out how to separate them.
Is there a way to use regex or something to separate this traffic out? I
need to have each system dropping all their messages into one file because
trying to troll through ~200 %hostname%.txt files for a problem or an error
is not practical.
I guess I'm trying to avoid having to create a ruleset (which I had in the
past) for each possible IP address which is not that hard but I'm assuming
as my rsyslog.conf file balloons in length my processing will slow down and
things will get missed.
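
The following is an added example, not part of the original post: one way to split the two address ranges described above with two anchored regex filters, using RainerScript's `re_match()` (POSIX ERE) on `$fromhost-ip`. The output file paths are assumptions; `[.]` is used instead of a backslash-escaped dot to sidestep string-escaping questions.

```conf
# Added example; /var/log/cluster-*.log paths are assumed, not from the post.
# $fromhost-ip is the address of the host the message was received from,
# so if a relay sits in between, it is the relay's address that is matched.

# Test cluster: 192.168.206.238 - 192.168.206.249
if re_match($fromhost-ip, '^192[.]168[.]206[.](23[89]|24[0-9])$') then {
    action(type="omfile" file="/var/log/cluster-test.log")
    stop    # keep test traffic out of every later rule
}

# Prod cluster: 192.168.206.0 - 192.168.206.202
#   [0-9]        0-9
#   [1-9][0-9]   10-99
#   1[0-9][0-9]  100-199
#   20[0-2]      200-202
if re_match($fromhost-ip, '^192[.]168[.]206[.]([0-9]|[1-9][0-9]|1[0-9][0-9]|20[0-2])$') then {
    action(type="omfile" file="/var/log/cluster-prod.log")
    stop
}

# Anything else in 192.168.206.0/24 (203-237, 250-255) matches neither
# filter and falls through to the rules that follow, where an unexpected
# sender on the shared VLAN can be logged separately and noticed.
```

The `^` and `$` anchors matter: without them a pattern such as `206[.]24[0-9]` would also match inside a longer string, and the prod and test streams could mix again.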