<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
With regards to filters for host, which one of the two is correct? (if any)<br><br>filter F_mailservers { host ("^mail$*") or ("^smtp$); };<br>
filter F_mailservers { host("^mail$") or
host("^smtp$"); }; <br><br>Again, I am trying to find hosts named mailserver1, mailserver2, mailserver-gw, smtpgw1 and smtp-gw<br><br>Thanks in advance,<br><br>.vp<br><blockquote><hr>From: wiskbroom@hotmail.com<br>To: syslog-ng@lists.balabit.hu<br>Date: Thu, 8 May 2008 15:08:48 -0400<br>Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended<br><br>
<meta http-equiv="Content-Type" content="text/html; charset=unicode">
<meta name="Generator" content="Microsoft SafeHTML">
<style>
.ExternalClass .EC_hmmessage P
{padding:0px;}
.ExternalClass body.EC_hmmessage
{font-size:10pt;font-family:Tahoma;}
</style>
syslog-ng 2.0.7<br><br>I remember needing that in order to see the hostname from a WAP not too long ago.<br><br>> From: Sandor.Geller@morganstanley.com<br>> To: syslog-ng@lists.balabit.hu<br>> Date: Thu, 8 May 2008 19:19:05 +0100<br>> Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended<br>> <br>> Hi,<br>> <br>> > Here are some recent logs.<br>> ><br>> ><br>> > May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net<br>> > postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E:<br>> > to=<b.smith@nodomain.net>,<br>> > relay=192.168.12.1[192.168.12.1]:25, delay=0.48,<br>> > delays=0.31/0.02/0.01/0.14, dsn=2.6.0, status=sent (250 2.6.0<br>> ><br>> > <B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44@ns2.someotherdomain.<br>> com> Queued mail for delivery)<br>> <br>> Which version of syslog-ng are you using? I remember that postfix<br>> (more precisely postfix/daemonname-like program names) caused<br>> problems for older versions, although this might be unrelated.<br>> <br>> > I *believe* the double hostname is die to<br>> > chain_hostnames=yes? Don't remember.<br>> <br>> No, there would be an '@' between the hostnames. I still don't see<br>> how 'sw' could match your logs :(<br>> <br>> regards,<br>> <br>> Sandor<br>> --------------------------------------------------------<br>> <br>> NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.<br>> ______________________________________________________________________________<br>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<br>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<br>> FAQ: http://www.campin.net/syslog-ng/faq.html<br>> <br>
</blockquote></body>
</html>