Mailing List Archive

Compare constantly changing Array of IPs with rsyslog
I am currently filtering firewall connection events. The source IP
(sort -u) of those events is extracted and saved in a log file (so once in a
while another IP is added).
I would like to check if another connection event contains one of those
unique IP addresses.


Is this doable with rsyslog, or should I write a shell script to change
the rsyslog config whenever "SRC_IP.log" was edited?

Happy New Year and best regards
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Compare constantly changing Array of IPs with rsyslog
This might help...

https://www.rsyslog.com/doc/v8-stable/configuration/lookup_tables.html

Regards,



On 1/3/19 8:23 AM, Mario Harm wrote:
> I am currently filtering firewall connection events. The source IP
> (sort -u) of those events is extracted and saved in a log file (so
> once in a while another IP is added).
> I would like to check if another connection event contains one of
> those unique IP addresses.
>
>
> Is this doable with rsyslog, or should I write a shell script to change
> the rsyslog config whenever "SRC_IP.log" was edited?
>
> Happy New Year and best regards
Re: Compare constantly changing Array of IPs with rsyslog
Yep, this is one of the use cases that we had in mind when we designed the
lookup tables.

David Lang

On Thu, 3 Jan 2019, John Chivian wrote:

> This might help...
>
> https://www.rsyslog.com/doc/v8-stable/configuration/lookup_tables.html
>
> Regards,
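The lookup-table approach John Chivian and David Lang point to, as a worked example added here (it is not code from the thread or from the rsyslog project): a small bash script that turns SRC_IP.log into the JSON table format rsyslog expects, writes a rule that extracts the SRC= address from a netfilter-style firewall line and checks it against the table, and sends rsyslogd a HUP so the table is re-read. The paths /etc/rsyslog.d/src_ips.json and /etc/rsyslog.d/30-srcip.conf, the table values "known"/"unknown" and the /var/log/firewall_known_src.log destination are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread or the rsyslog project: turn a plain
# list of source IPs (one per line, e.g. SRC_IP.log) into an rsyslog lookup
# table and write a rule that tags firewall events whose SRC= is in the table.
# Assumed paths: /etc/rsyslog.d/src_ips.json (table) and
# /etc/rsyslog.d/30-srcip.conf (rule); adjust to your layout.
set -eu

# Build the lookup table JSON from a file with one IPv4 address per line.
# Anything that is not a bare dotted quad is dropped, so a stray log line can
# never corrupt the table, and the result is written to a temp file and moved
# into place atomically so rsyslog never reloads a half-written table.
build_table() {
    src="$1"   # input list, e.g. SRC_IP.log
    dst="$2"   # output table, e.g. /etc/rsyslog.d/src_ips.json
    tmp="$(mktemp "${dst}.XXXXXX")"
    {
        printf '{\n  "version": 1,\n  "nomatch": "unknown",\n  "type": "string",\n  "table": [\n'
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' "$src" | sort -u |
            awk 'NR > 1 { printf ",\n" }
                 { printf "    {\"index\": \"%s\", \"value\": \"known\"}", $0 }
                 END { printf "\n" }'
        printf '  ]\n}\n'
    } > "$tmp"
    # Refuse to install a table that does not parse as JSON (python3 is used
    # only as a checker here; the check is skipped if it is not installed).
    if command -v python3 >/dev/null 2>&1; then
        python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$tmp" \
            || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dst"
}

# Write the rsyslog rule. The table is re-read on SIGHUP (reloadOnHUP is on
# by default; stated explicitly here). re_extract() pulls the dotted quad
# after "SRC=" out of the message (match 0, capture group 1, "" if absent);
# lookup() returns "known" for addresses in the table and the table's
# "nomatch" value ("unknown") otherwise.
write_config() {
    cat > "$1" <<'EOF'
lookup_table(name="src_ips" file="/etc/rsyslog.d/src_ips.json" reloadOnHUP="on")

if $msg contains "SRC=" then {
    set $.src = re_extract($msg, "SRC=([0-9.]+)", 0, 1, "");
    set $.known = lookup("src_ips", $.src);
    if $.known == "known" then {
        action(type="omfile" file="/var/log/firewall_known_src.log")
    }
}
EOF
}

# Ask a running rsyslogd to re-read tables flagged reloadOnHUP; harmless when
# no rsyslogd is running (e.g. while this script is being tested).
reload_rsyslog() {
    pkill -HUP -x rsyslogd 2>/dev/null || true
}

# Usage: ./srcip_table.sh deploy SRC_IP.log   (run whenever SRC_IP.log changes)
if [ "${1:-}" = "deploy" ]; then
    build_table "${2:-SRC_IP.log}" /etc/rsyslog.d/src_ips.json
    write_config /etc/rsyslog.d/30-srcip.conf
    reload_rsyslog
fi
```

Run the script from the same job that appends to SRC_IP.log, so the table and the list never drift apart; the rsyslog config itself does not change when the list does, which is the point of using a lookup table instead of regenerating rules. The filter and the SRC= pattern only accept IPv4; if the firewall also logs IPv6 sources, both regular expressions need widening.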
Re: Compare constantly changing Array of IPs with rsyslog
Thank you very much for your help, David.
I am fairly inexperienced regarding rsyslog but it's an exciting topic
and I'll try my best to improve :)

To be honest, I read the article about lookup tables before I wrote the
question, but I didn't realize its potential and that it's exactly what
I would need. (won't happen again)
Of course I blame the lack of coffee and sleep...

Best regards

On 04.01.2019 01:10, David Lang wrote:
> Yep, this is one of the use cases that we had in mind when we designed
> the lookup tables.
>
> David Lang
Re: Compare constantly changing Array of IPs with rsyslog
the only bad question is the one not asked :-)

David Lang

On Fri, 4 Jan 2019, Mario Harm wrote:

> Thank you very much for your help, David.
> I am fairly inexperienced regarding rsyslog but it's an exciting topic and
> I'll try my best to improve :)
>
> To be honest, I read the article about lookup tables before I wrote the
> question, but I didn't realize its potential and that it's exactly what I
> would need. (won't happen again)
> Of course I blame the lack of coffee and sleep...
>
> Best regards