<div dir="ltr">Not easily without sending some sensitive data. <div><br></div><div>I take it the rule set logic seems correct then ? </div><div><br></div><div>This filter will remove data from both/either subnet from a message stream, </div><div><span style="font-size:12.8px">filter f_network {not netmask("</span><a href="http://192.168.238.0/24" target="_blank" style="font-size:12.8px">192.168.238.0/24</a><span style="font-size:12.8px">") and not netmask("</span><a href="http://192.168.239.0/24" target="_blank" style="font-size:12.8px">192.168.239.0/24</a><span style="font-size:12.8px">") ; }; </span></div><div><br></div><div>These rules work in the same concatenation way ? </div><div><div class="" tabindex="-1" style="font-size:medium"><div class="" style="width:1121px"><div class=""><div id=":2tv"><div class=""><div class=""><div id=":129" class="" style="font-size:12.8px"><div id=":128" class="" style="overflow:hidden"><div dir="ltr"><div>filter(f_network); filter(f_audit); filter(f_mcafee); destination (d_remote);</div><div class=""></div></div></div></div><div class=""></div></div><div class=""></div></div><div class="" style="font-size:12.8px"><div class=""><div class="" style="padding-left:0px"></div></div></div></div></div></div></div><div class="" tabindex="-1" style="font-size:medium"><div class="" style="width:1121px"><div class=""><div id=":2tq"><div class=""><div class=""><div class=""></div></div></div></div></div></div></div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 16, 2016 at 9:28 AM, PÁSZTOR György <span dir="ltr"><<a href="mailto:pasztor@linux.gyakg.u-szeged.hu" target="_blank">pasztor@linux.gyakg.u-szeged.hu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<span class=""><br>
"Scot" <<a href="mailto:scotrn@gmail.com">scotrn@gmail.com</a>> írta 2016-02-16 09:22-kor:<br>
> I'm still getting stuff on nmsloghost that I think should be filtered out.<br>
<br>
</span>Can you show us an example, which is forwarded to nmsloghost,<br>
but should be filtered out?<br>
A simple .pcap file, or "grep" or anything would be nice.<br>
<br>
Cheers,<br>
Gyu<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</blockquote></div><br></div>