[rsyslog-notify] Forum Thread: Re: Matching many source IPs with 3 actions - (Mode 'reply')
noreply at adiscon.com
Wed Jun 15 02:43:18 CEST 2016
User: atticus
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26598#p26598
Message:
----------
After looking at the documentation, I came across this excerpt:
    if $programname == ["apache_access",
                        "apache_error",
                        "mysql",
                        "php"]
    then {
        action(type="omfile" DynaFile="DailyPerHost_app")
        stop
    }
I'm embarrassed to say I think I missed the forest for the trees, but the
array is
    ["apache_access",
     "apache_error",
     "mysql",
     "php"]
Correct? Then in my case, I would have something for if ip address == one
of 20 values (that I am checking to see if it gets sent to a particular remote
server). Then, for multiple groups of addresses to check for several remote
hosts, my array could be something like:
    if $ipaddress == ["10.1.1.1",
                      "10.1.1.2",
                      "10.1.1.3",
                      etc}
    then @@ 172.16.1.1
    stop
    if $ipaddress ==(next group of addresses in a new array)
    then @@ 172.16.2.1
    stop
    etc
If this is correct, then I have three more questions:
The main value of doing this is that it's much more compact than chained or
this, or that, then ... and it should sort faster, correct?

Is there a way I can put the array in a file in rsyslog.d that I can do an
include on? I assume there would be an array title; how would I reference
it in the rsyslog.conf?

Is there a way I can use net masks in here somehow (assuming the networks
were "properly" subnetted)? Maybe this can be done using $ipaddress
contains, or other parameter options with $ipaddress.

Thanks again for your help. I think (am hoping) I'm pretty close. This
sure looks like the way to go.