Synopsis: netmask6(ipv6/mask)
Description: Select only messages sent by a host whose IP address belongs to the specified IPv6 subnet. Note that this filter checks the IP address of the last-hop relay (the host that actually sent the message to syslog-ng OSE), not the contents of the HOST field of the message. You can use both the regular and the compressed format to specify the IP address, for example, 1080:0:0:0:8:800:200C:417A or 1080::8:800:200C:417A. If you do not specify the address, localhost is used.
Use the netmask (also called prefix) to specify how many of the leftmost bits of the address comprise the netmask (values 1-128 are valid). For example, the following specify a 60-bit prefix: 12AB:0000:0000:CD30:0000:0000:0000:0000/60 or 12AB::CD30:0:0:0:0/60. Note that if you set an IP address and a prefix, syslog-ng OSE will ignore the bits of the address after the prefix. To filter IPv4 addresses, see netmask().
The netmask6() filter is available in syslog-ng OSE 3.7 and later.
Caution:
If the IP address is not syntactically correct, the filter will never match. The syslog-ng OSE application currently does not send a warning for such configuration errors.
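Because a malformed address makes netmask6() silently never match, the configuration can be checked before it is deployed. The following is an added example, not part of the syslog-ng OSE documentation or code: it uses Python's ipaddress module as a stand-in validator, and the function names, the sample configuration, and the treatment of a missing prefix as /128 are assumptions.

```python
import ipaddress
import re

# netmask6(...) with an optionally quoted argument, as written in a syslog-ng config
NETMASK6_RE = re.compile(r"""\bnetmask6\(\s*["']?([^"')\s]*)["']?\s*\)""")

def check_netmask6(arg):
    """Return (ok, detail); ok is False when the argument breaks the rules above."""
    addr, _, prefix = arg.partition("/")
    addr = addr or "::1"      # page: localhost is used if the address is omitted
    prefix = prefix or "128"  # assumption of this example: no prefix = one host
    if not re.fullmatch(r"[0-9]{1,3}", prefix) or not 1 <= int(prefix) <= 128:
        return False, f"prefix {prefix!r} is outside 1-128"
    try:
        # strict=False zeroes the bits after the prefix, which the filter ignores
        net = ipaddress.IPv6Network(f"{addr}/{prefix}", strict=False)
    except ValueError as exc:
        return False, f"invalid IPv6 address: {exc}"
    return True, str(net)

def lint_config(text):
    """Return [(line_no, argument, ok, detail)] for each netmask6() in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # simplification: '#' starts a comment
        for match in NETMASK6_RE.finditer(code):
            ok, detail = check_netmask6(match.group(1))
            findings.append((line_no, match.group(1), ok, detail))
    return findings

# Constructed sample configuration (filter names and addresses are made up)
SAMPLE = """\
filter f_lan    { netmask6("2001:db8:0:cd3f::1/60"); };
filter f_typo   { netmask6("2001:db8::g00d/64"); };
filter f_prefix { netmask6(2001:db8::/129); };
"""

if __name__ == "__main__":
    for line_no, arg, ok, detail in lint_config(SAMPLE):
        print(f"line {line_no}: {arg} -> {'OK' if ok else 'INVALID'} ({detail})")
```

For a valid argument, the detail field is the subnet with the ignored bits zeroed, which makes it easy to confirm that the filter covers the range you intended.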
Synopsis: program(regexp)
Description: Match messages by using a regular expression against the program name field of log messages.
Synopsis: rate-limit(template($HOST) rate(5000))
Description: Limits the message rate based on arbitrary keys in each message. The key is resolved using the template() option. Each resolved key is allowed the number of messages per second that is set by the rate() option. For example, if template($HOST) and rate(5000) are set, and there are 2 hosts sending messages to syslog-ng OSE, a total of 10000 messages will be allowed by the rate-limit() filter, 5000 from the first and 5000 from the second host. If template() were not set, 5000 messages would be allowed each second, regardless of their content.
NOTE: In syslog-ng OSE version 3.35 the rate-limit() filter was called throttle(). In syslog-ng OSE version 3.36 it was renamed to rate-limit(), but throttle() is still available for backward compatibility.
NOTE: As with every other filter, messages that the rate-limit() filter does not match (those outside of the rate limit) are dropped by default. However, because every filter can be used in channels or if conditions, the unmatched messages can be caught and handled, for example, sent to a different destination.
Example: Using the rate-limit() filter
The following example depicts the scenario described in the description part of this section.
filter f_rate_limit {
    rate-limit(
        template("$HOST")
        rate(5000)
    );
};
The rate-limit() filter has the following options.
rate()
Type: number
Default: N/A
Mandatory: yes
Description: The number of messages per second that the filter lets through (matches) for each unique macro resolution.
template()
Type: template
Default: empty string
Description: The resolved template that is used to create unique rate-limit token buckets.