<span class="q">Below are a couple of message samples:<br>
<br>
"Message: %PIX-51-100908: Teardown UDP connection 30292827 for THEFORCEVPN:123.45.678.91/3130 to inside:<span style="background-color: rgb(255, 255, 0);">987.65.4.3/53</span> duration.......etc.."<br>
<br>
</span><span class="q">"Message: %PIX-51-070605: Teardown UDP connection 26252423 for ISSTRONGVPN:111.21.314.15/3130 to inside:<span style="background-color: rgb(255, 255, 0);"><a href="http://210.65.4.4/53">987.65.4.4/53
</a></span> duration.......etc.."</span><br>
<span class="q"><br>
I am trying to match 987.65.4.3 or 987.65.4.3/53 and 987<a href="http://210.65.4.4">.65.4.4</a>. Here is my syntax:<br>
<br>
</span><span class="q">filter f_pix { match(PIX) and not match("987.65.4.3") and not match("<a href="http://210.65.4.4">987.65.4.4</a>"); };<br>
<br>
Any suggestions?<br>
<br>
Thank You for your assistance!<br>
</span><span class="q"><br>
</span><span class="q">></span>match() matches the message part only, which does not include the<br>
<span class="q">></span>hostname part in the message header. If you actually copied a sample<br>
<span class="q">></span>message it would be easier to help out, and you have a much better<br>
<span class="q">></span>chance to receive messages on the syslog-ng mailing list. Lots of<span class="q"></span><br>
<span class="q">></span>helpful folks there, I'm sometimes unable to respond for days. :)<br>
<span class="q">></span><br>
<span class="q">></span>--<br>
<span class="q">></span>
Bazsi<br>
<span class="q"><br>
>> Hello!<br>>><br></span><span class="q">></span><span class="q">> I am trying to filter an IP by using match in the syslog-ng.conf file.<br></span><span class="q">></span><span class="q">> Below (in bold) is a portion of the thread that sort of describes my problem.
<br>></span><span class="q">></span><span class="q"> However the IP address that I am attempting to match is not the sender.<br>></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><span class="q">It is actually located within the message.<br>></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><span class="q"> I am using the following syntax:<br>></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><span class="q"> filter f_pix { match(PIX) and not match("xxx\.xx\.x\.x"); };<br>></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><span class="q"> Did not work. I've attempted many other variations and still no go.<br>></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><br>
<span class="q">></span><span class="q">></span><span class="q"> again the address that I am attempting to match is not the sender. It is located<br>></span><span class="q">></span><span class="q"> within the message.
<br><br></span>
<br>