Dear Experts,
I have implemented a syslog server on CentOS and am filtering all NATing events
from Juniper nodes into a single file using the template below (rsyslog.conf):
    ## For redirecting the NAT/FW logs to a specific file/directory
    $template TmplcpFW, "/var/log/NIPFW/%HOSTNAME%.log"
    if ($hostname == ["CP1FW1", "CP1FW2", "CP2FW1", "CP2FW2", "CP1CGNAT"]) then ?TmplcpFW
    & ~
Now I would like to further segregate these logs based on the IP pool used (e.g.
100.70.0.0), as this is the only unique data available in all event logs.
Below are sample logs and the info available in the various events (for one of
the IP pools):
    <150>1 2018-12-20T16:07:00.482369+01:00 2018-12-20 15 - - - 06:59: CP1CGNAT_O{OFR_NAT}[jservices-nat]: JSERVICES_NAT_RULE_MATCH: proto 6 (TCP) application: any, xe-1/0/1.1718:100.70.0.2:59794 -> 109.32.8.15:80, Match NAT rule-set: (null), rule: O_NAT_XX, term: t1

    <150>1 2018-12-20T16:07:00.482369+01:00 2018-12-20 15 - - - 06:59: CP1CGNAT_O{OFR_NAT}JSERVICES_SESSION_OPEN: application:none, xe-1/0/1.1718 100.70.0.2:59794 [55.93.69.53:26620] -> 109.32.8.15:80 (TCP)

    <150>1 2018-12-20T16:07:11.091313+01:00 2018-12-20 15 - - - 07:10: CP1CGNAT_O{OFR_NAT}JSERVICES_SESSION_CLOSE: application:none, xe-1/0/1.1718 100.70.0.2:59778 [55.93.69.60:40136] -> 109.32.8.15:80 (TCP)
Can you please suggest how to achieve this in rsyslog?
Thanks a lot for your help.
--
Regards
Sarjit
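One way to do the per-pool split, written as an added example and not taken from the post or from the rsyslog project: keep the existing host filter, pull the pool address out of the message with re_extract() into a local variable, and use that variable in a second dynamic-file template. The regex below captures the first three octets of the 100.70.x.y address that appears in the sample JSERVICES_NAT_RULE_MATCH, SESSION_OPEN and SESSION_CLOSE lines; the capture group, the "unknown" fallback string, the template names and the file layout are my assumptions, and the prefix length should be adjusted to the real pool size (the post gives 100.70.0.0). re_extract() is documented as POSIX ERE, and backslashes inside RainerScript string literals are doubled, hence the "\\." escapes.

```rsyslog
# Added example (not from the original post): one file per Juniper NAT pool.
# Assumes RainerScript syntax (rsyslog v7+); input modules are shown for completeness.
module(load="imudp")
input(type="imudp" port="514")

# Existing per-host file, kept as the fallback when no pool address is found.
template(name="TmplcpFW" type="string"
         string="/var/log/NIPFW/%HOSTNAME%.log")

# Per-host, per-pool file; $!pool is set below from the message text.
template(name="TmplPool" type="string"
         string="/var/log/NIPFW/%HOSTNAME%-pool-%$!pool%.log")

if ($hostname == ["CP1FW1", "CP1FW2", "CP2FW1", "CP2FW2", "CP1CGNAT"]) then {
    # Capture group 1 = "100.70.<third octet>" (the /24 the source address sits in).
    # Matches both "xe-1/0/1.1718:100.70.0.2:59794" and "xe-1/0/1.1718 100.70.0.2:59794".
    # Arguments: expr, ERE, match index (0 = first), submatch (1 = group 1), no-match value.
    set $!pool = re_extract($msg, "(100\\.70\\.[0-9]+)\\.[0-9]+:[0-9]+", 0, 1, "unknown");

    if ($!pool == "unknown") then {
        action(type="omfile" dynaFile="TmplcpFW")
    } else {
        action(type="omfile" dynaFile="TmplPool")
    }
    stop
}
```

With this in place a SESSION_OPEN line for 100.70.0.2 lands in /var/log/NIPFW/CP1CGNAT-pool-100.70.0.log, while any event from those hosts that carries no pool address still goes to the original per-host file, so nothing is silently dropped. Worth noting for whoever later has to answer an abuse report: the SESSION_OPEN and SESSION_CLOSE lines are the ones that carry both the pool (pre-NAT) address and the translated public address in brackets, so splitting by pool keeps that pair together in one file rather than spreading it across the combined per-host log.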
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/