> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of [email protected] > Sent: Friday, March 20, 2009 12:45 AM > To: rsyslog-users > Subject: Re: [rsyslog] Separating Log files based on partial IP match > > On Thu, 19 Mar 2009, Jefferson Cowart wrote: > > > I'm new to rsyslog, and I'm trying to set it up to centralize logging > > for a number of devices on my network. I'd like for it to log > anything > > from my network switch to a single log file, my printers to another > log > > file, etc. I'm able to separate the devices based on their IP address > > (e.g. my switches are in one IP subnet and my printers in another.) I > > see how to do per device logging on > > http://www.rsyslog.com/Article60.phtml, but I don't see a way to > adjust > > that to do it based on IP subnet or anything like that. Unfortunately > it > > looks like both FROMHOST and HOSTNAME are names not IPs, so it's not > > even clear if I could filter on that. Any help would be appreciated. > > Thanks. > > there is fromhost-ip that will give you the last-hop IP address > > I don't see an easy way to do it based on subnets, but take a look at > the > rscript stuff that just went into the development branch in the last > week > or so. that may give you the hooks needed to do the subnet calculation > that will let you do what you want.
The only function currently supported is strlen(), but this is a very interesting use case to extend function support. I think I will add a couple of functions even without a full loadable interface, just to get some basic things done. If everything turns out to go smooth, I can hopefully do this next week. In the mean time, I would see if a property-based (regex) filter can do the job. For a classical class A,B,C net that should be easy to do. Rainer _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
