Hi guys,<div><br></div><div>Just new, and created the following conf for testing purposes. The problem is that i get the logs in both destinations despite the filter.</div><div><br></div><div><div>@version: 3.4</div><div>@include "scl.conf"</div>
<div><br></div><div>options { </div><div> keep_hostname(yes);</div><div> normalize_hostnames(yes);</div><div> threaded(yes);</div><div> ts_format(iso); # Adds TZ</div><div> #use_fqdn(yes);</div>
<div> use_dns(no); </div><div>};</div><div><br></div><div>source s_local {<br></div><div> system();</div><div> internal();</div><div>};</div><div><br></div><div>source s_network {</div><div> udp();</div>
<div>};</div></div><div><br></div><div><div>destination d_local {</div><div> file("/var/log/messages");</div><div>};</div><div><br></div><div>destination d_my_mac {</div><div> file("/var/log/mymac");</div>
<div>};</div></div><div><br></div><div><div>filter f_my_mac {</div><div> netmask(<a href="http://10.24.18.2/255.255.255.255">10.24.18.2/255.255.255.255</a>);</div><div>};</div></div><div><br></div><div><div>log {</div>
<div> source(s_network);</div><div> filter(f_my_mac);</div><div> destination(d_my_mac);</div><div> flags(final);</div><div>};</div><div><br></div><div>log {</div><div> source(s_local);</div>
<div> # uncomment this line to open port 514 to receive messages<br></div><div> source(s_network);</div><div> #destination(d_central_udp);</div><div> destination(d_local);</div><div>};</div></div>
<div><br></div><div><br></div><div>as netmask i also tried cidr /24 and same thing. The problem is that i get the logs in both destinations. I only want to have them in my_mac</div><div><br></div><div>Thanks!</div>