[rsyslog-notify] Forum Thread: Matching many source IPs with 3 actions - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Jun 9 21:19:12 CEST 2016
User: atticus
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26566#p26566
Message:
----------
Hello, everyone. I have the following situation:
1) I'll be receiving messages from 3 different groups. Each has a
(possibly) a fair number of individual ip addresses.
2) I need to filter messages by these 3 groups, then take the following
actions.
a) send it to a local file server
b) send it to each groups' central log server
The problems I see here are
1) The ruleset could have a lot of "if ipaddress = address)
a) For each one of these that matched, I have the 2 actions that must be
performed for each group that address matches for
b) This logic would be the same except it would be separated by group.
Does anyone have any suggestions for how to reduce the number of "if
ipaddress" = and the subsequent logic? It would have to be repeated for
the addresses in all 3 groups. Thanks in advance,
atticus
More information about the rsyslog-notify
mailing list