I'm trying to shunt a bunch of logs from a group of IPs (about 10 IPs
or so) to a fifo.
Is the best way to do this with a property filter like the following?

    $template SplunkPipe,"|/logs/splunk/splunk.fifo"
    :fromhost-ip, isequal, "10.1.5.3"
    *.* -?SplunkPipe

And how would I easily specify many 10 IPs? I'm thinking it would be
slick to be able to find a "netgroup" that has the member IPs I want
then just have my selector match against that netgroup. Is that sort
of magic possible?
Unfortunately I'm using rsyslog with RHEL5 which is only v2.0.6.
Examples appreciated. :)
Ray
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com