I'm trying to shunt a bunch of logs from a group of IPs (about 10 IPs or so) to a fifo.
Is the best way to do this with a property filter like the following?

    $template SplunkPipe,"|/logs/splunk/splunk.fifo"
    :fromhost-ip, isequal, "10.1.5.3" *.* -?SplunkPipe

And how would I easily specify many 10 IPs? I'm thinking it would be slick to be able to find a "netgroup" that has the member IPs I want, then just have my selector match against that netgroup. Is that sort of magic possible?

Unfortunately, I'm using rsyslog with RHEL5, which is only v2.0.6. Examples appreciated. :)

Ray

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

