> > Okay.. I understand. One more question, and this is more of a
> > future support sort of thing. I'm only asking because I'm wondering if
> > this was brought up with the CEE dictionary thing. You have things
> > like %ip:ipv4% and %port:number% . Do you have any idea if there will
> > eventually be something like a %ip:%ipv4:src% or %ip:ipv4:dst% type of
> > flags (same idea applying to %port:number%)? This might be useful,
> > for not only normalization, but XML and JSON output.
>
> Can you elaborate what you mean by %ip:ipv4:src%, I am not 100% sure I really
> understood...

Here's what I mean.. From an example Cisco PIX log (message
portion only).

%PIX-7-710005: UDP request discarded from 192.168.20.45/53 to
%outside:192.168.20.208/37989

We have a source IP, destination IP, source port, destination
port. So an example rule might be:

%PIX-7-710005: UDP request discarded from %ip:ipv4:src%/%port:number:src% to
%outside:%ip:ipv4:dst%/%port:number:dst%

Does this make sense? Or is it outside the scope of things?

--
Champ Clark III | Softwink, Inc | 800-538-9357 x 101
http://www.softwink.com
GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
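
The role tagging asked about in the message above, as an added example that is not part of the original post and is not rsyslog or liblognorm code: a small Python matcher that accepts an optional third component in a %name:type:role% field and nests the extracted values by role. The type patterns, the nested output layout and the function names are assumptions made for illustration; the rule and message are the PIX example from the message with the wrapped lines joined by a space.

```python
import ipaddress
import json
import re

# %name:type% or the proposed %name:type:role% (role is the hypothetical part).
FIELD = re.compile(r"%([a-z]+):([a-z0-9]+)(?::([a-z]+))?%")

# Coarse capture pattern plus a strict converter per type (simplified stand-ins).
TYPES = {
    "ipv4": (r"[0-9.]+", lambda s: str(ipaddress.IPv4Address(s))),
    "number": (r"[0-9]+", int),
}

def compile_rule(rule):
    """Return (regex, fields); text outside the fields is matched literally."""
    regex, fields, pos = "", [], 0
    for m in FIELD.finditer(rule):
        name, ftype, role = m.groups()
        if ftype not in TYPES:
            raise ValueError("unknown field type: " + ftype)
        regex += re.escape(rule[pos:m.start()]) + "(" + TYPES[ftype][0] + ")"
        fields.append((name, ftype, role))
        pos = m.end()
    return re.compile(regex + re.escape(rule[pos:])), fields

def normalize(rule, message):
    """Match message against rule; return extracted fields, or None on no match."""
    regex, fields = compile_rule(rule)
    m = regex.fullmatch(message)
    if m is None:
        return None
    out = {}
    for (name, ftype, role), raw in zip(fields, m.groups()):
        try:
            value = TYPES[ftype][1](raw)
        except ValueError:
            return None  # captured text is not a valid value, e.g. octet > 255
        if role is None:
            if name in out:  # two %ip:ipv4% fields cannot be told apart
                raise ValueError("field %r appears twice without a role" % name)
            out[name] = value
        else:
            slot = out.setdefault(name, {})
            if not isinstance(slot, dict) or role in slot:
                raise ValueError("conflicting use of %s:%s" % (name, role))
            slot[role] = value
    return out

# Constructed from the PIX example in the message (wrapped lines joined).
RULE = ("%PIX-7-710005: UDP request discarded from %ip:ipv4:src%/%port:number:src%"
        " to %outside:%ip:ipv4:dst%/%port:number:dst%")
MESSAGE = ("%PIX-7-710005: UDP request discarded from 192.168.20.45/53"
           " to %outside:192.168.20.208/37989")

if __name__ == "__main__":
    print(json.dumps(normalize(RULE, MESSAGE), indent=2))
```

Stripping the :src and :dst roles from the rule makes normalize() raise, because the two ip fields and the two port fields then share one name.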

