<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
Here are some recent logs.<br>
<p class="MsoNormal">May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net
postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E: to=<b.smith@nodomain.net>,
relay=192.168.12.1[192.168.12.1]:25, delay=0.48, delays=0.31/0.02/0.01/0.14,
dsn=2.6.0, status=sent (250 2.6.0 <B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44@ns2.someotherdomain.com>
Queued mail for delivery)<br>
May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net
postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E: to=<m.jackson@nodomain.net>,
relay=192.168.12.1[192.168.12.1]:25, delay=0.48, delays=0.31/0.02/0.01/0.14,
dsn=2.6.0, status=sent (250 2.6.0
<B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44@ ns2.someotherdomain.com>
Queued mail for delivery)<br>
May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net
postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E: to=<r.lindsay@nodomain.net>,
relay=192.168.12.1[192.168.12.1]:25, delay=0.48, delays=0.31/0.02/0.01/0.14,
dsn=2.6.0, status=sent (250 2.6.0
<B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44@ ns2.someotherdomain.com>
Queued mail for delivery)<br>
May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net
postfix/qmgr[13267]: [ID 197553 mail.info] BBBF66CB1E: removed</p>
I *believe* the double hostname is die to chain_hostnames=yes? Don't remember.<br><br>Regards,<br><br>.vp<br><br><br>> From: Sandor.Geller@morganstanley.com<br>> To: syslog-ng@lists.balabit.hu<br>> Date: Thu, 8 May 2008 18:05:28 +0100<br>> Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended<br>> <br>> Hi,<br>> <br>> > My problems lie with the other filters, the ones at the end:<br>> ><br>> > filter F_edge { host("edge*") or host("122.21.*"); };<br>> > filter F_router { host("gw*") or host("rtr") or host("mmsc"); };<br>> > filter F_switch { host("sw*") or host("sw1") or host("sw2"); };<br>> > filter F_firewall { host("^fw*") or host("^mlm*-*") or<br>> > host("^cm*"); };<br>> > filter F_dc { host("^mydc*") or host("^dc*"); };<br>> > filter F_accesspoints { host("^melanie*"); };<br>> > filter F_mailservers { host("^mail*") or host("^smtpgw*"); };<br>> > filter F_proxies { host("^proxygw*"); };<br>> > filter F_InternetIP { host("161.17.10.*"); };<br>> ><br>> > The above, based on the filter rule for F_mailservers, should<br>> > place anything coming in from a host named mailserver1, or<br>> > smtpgw1 into destination D_mailservers, which in turn should<br>> > save logs into file named<br>> > /var/log/MyHosts/MailServers/$FULLHOST.log. Instead I find<br>> > those logs in /var/log/MyHosts/Switches/$FULLHOST.log (which<br>> > is really<br>> > /var/log/MyHosts/Switches/mailserver1.mycorp.net/mailserver1.m<br>> > ycorp.net.log)<br>> <br>> It would be nice to see at least a log entry from the file. BTW<br>> how did the hostname appear twice in the destination filename?<br>> Either I overlooked something or you're not using exactly the<br>> same config you sent.<br>> <br>> > I need to figure out a way to write the differences for hosts<br>> > that begin with pattern xxx (^xxx)? and those with xxx at the<br>> > end (*xxx) and those with xxx in the middle (*xxx)?, and for<br>> > the life of me, I can't fifure out why the above is sending<br>> > into Switches :-(<br>> <br>> You've anchors in your filter regexps already. "^xxx", "xxx$",<br>> ".xxx." are what you need if I understand you correctly.<br>> <br>> Regards,<br>> <br>> Sandor<br><br></body>
</html>