Hello,

I am trying to setup syslog-ng to filter based upon the source subnets this way i can use php-syslog and give different groups different lists. (the server can handle it w/o a problem) but i cannot get the netmask filter to work and i do not want to do individual host entries. i have tried google and the results i found didn't help i was either only getting one of the hosts or none.

thanks in advanced


edit:
feel free to close this, they were working. the order that i put them in made it appear as though they were not

hmm, never knew that filter existed... interesting.

yups, i just started playing with syslog servers after an incident last week. i knew syslog-ng was the right one for us but had never used it. it has only been used on our core and firewalls. we now needed all the information logged and since we have 1200 access points on campus and about another 300 switches/routers it only made sense to split it up

one of the filter i am using looks like this, if you want to see the rest of the config i would be glad to post it.

if it's at all interesting to you, i'm currently implementing syslog-ng in conjunction with splunk indexing the stored logs. together they make a real neat combination.

splunk sounds alot like php-syslog-ng (http://www.phpwizardry.com/php-syslog-ng.php) but looks far more advanced *judging by the site*

did you look at php-syslog? or just go straight to splunk? is it worth switching...there is a demo on the other site for comparison if you want...

well this is for 1st line support and all sorts of low skilled IT staff, so whilst php-... is fine for basic stuff, within enterprise it's a long long way off... main problem i had is that splunk isn't naturally a syslog server, "just" a generic log message indexer / searching tool so for the syslog side, still needed somethign under the hood to interpret syslog itself.

the licensed versions of splunk are pretty awesome... the 3.0 beta won't load on any box i've tried it on this morning though!