I am trying to set up syslog-ng to filter based upon the source subnets; this way I can use php-syslog and give different groups different lists (the server can handle it w/o a problem), but I cannot get the netmask filter to work and I do not want to do individual host entries. I have tried Google and the results I found didn't help; I was either only getting one of the hosts or none.
Thanks in advance.
Edit:
Feel free to close this, they were working. The order that I put them in made it appear as though they were not.
Yups, I just started playing with syslog servers after an incident last week. I knew syslog-ng was the right one for us but had never used it. It has only been used on our core and firewalls. We now needed all the information logged, and since we have 1200 access points on campus and about another 300 switches/routers, it only made sense to split it up.
One of the filters I am using looks like this; if you want to see the rest of the config I would be glad to post it.
Code:
filter f_WiFi { netmask("10.100.51.0/255.255.254.0") or netmask("10.100.53.0/255.255.254.0")
or netmask("10.100.55.0/255.255.254.0") or netmask("10.100.57.0/255.255.254.0"); };
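Added example, not part of the original posts: a Python check of which source addresses the `f_WiFi` filter above covers, assuming `netmask()` compares the source address with the written network after the mask is applied to both. Under that assumption each /23 written with an odd third octet also covers the even /24 below it; the sample addresses in the final loop are constructed.

```python
import ipaddress
import re

# Filter text copied from the post above.
FILTER_TEXT = '''
filter f_WiFi { netmask("10.100.51.0/255.255.254.0") or netmask("10.100.53.0/255.255.254.0")
or netmask("10.100.55.0/255.255.254.0") or netmask("10.100.57.0/255.255.254.0"); };
'''

NETMASK_RE = re.compile(r'netmask\(\s*"([^"]+)"\s*\)')


def effective_networks(filter_text):
    """Networks each netmask() argument covers once host bits are masked off."""
    # strict=False applies the mask to the written base address,
    # e.g. 10.100.51.0/255.255.254.0 becomes 10.100.50.0/23.
    return [ipaddress.ip_network(arg, strict=False)
            for arg in NETMASK_RE.findall(filter_text)]


def matches(filter_text, source_ip):
    """True if source_ip falls inside any of the or-ed netmask() ranges."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in effective_networks(filter_text))


def unaligned_arguments(filter_text):
    """netmask() arguments whose written base is not the network address."""
    found = []
    for arg in NETMASK_RE.findall(filter_text):
        base = ipaddress.ip_address(arg.split("/")[0])
        net = ipaddress.ip_network(arg, strict=False)
        if base != net.network_address:
            found.append((arg, str(net)))
    return found


if __name__ == "__main__":
    for arg, net in unaligned_arguments(FILTER_TEXT):
        print(f"{arg} is matched as {net}")
    # Constructed sample source addresses.
    for ip in ("10.100.50.7", "10.100.51.20", "10.100.57.255", "10.100.58.1"):
        print(ip, "-> f_WiFi" if matches(FILTER_TEXT, ip) else "-> no match")
```

Running the same check over every subnet filter in a config shows where two filters overlap, which matters when each filter feeds a different group's log view.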
If it's at all interesting to you, I'm currently implementing syslog-ng in conjunction with Splunk indexing the stored logs. Together they make a real neat combination.
Well, this is for 1st line support and all sorts of low skilled IT staff, so whilst php-... is fine for basic stuff, within enterprise it's a long long way off... Main problem I had is that Splunk isn't naturally a syslog server, "just" a generic log message indexer / searching tool, so for the syslog side, still needed something under the hood to interpret syslog itself.
The licensed versions of Splunk are pretty awesome... the 3.0 beta won't load on any box I've tried it on this morning though!