<div dir="ltr">Hello Gergő,<br><div class="gmail_extra"><br><div class="gmail_quote">2016-08-03 19:43 GMT+02:00 Gergely Csordás <span dir="ltr"><<a href="mailto:sirnelkher@gmail.com" target="_blank">sirnelkher@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-"></span><div bgcolor="#FFFFFF"><span class="gmail-"><blockquote type="cite"><182>1
2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]...</blockquote>
<br></span>
As I see the IP address is ::1 in the message, as the hostname (or
IP address) comes after the timestamp.<br>
<br>
So in this case the IPv4 filter won't kick in for an IPv6 address.<br></div></blockquote><div><br></div><div>The netmask() filter does not check the contents of the HOST macro, but rather uses the sender's IP address for the comparison:<br><br><a href="https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#filter-netmask">https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#filter-netmask</a><br><br></div><div>As per the strace, the UDP package in deed seems to originate from 10.22.209.10.</div><div><br></div><div>Regards,<br></div><div>János<br></div></div></div></div>