<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
The log message is the following from the strace:<br>
<blockquote type="cite"><182>1
2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]...</blockquote>
<br>
As I see the IP address is ::1 in the message, as the hostname (or
IP address) comes after the timestamp.<br>
<br>
So in this case the IPv4 filter won't kick in for an IPv6 address.<br>
<br>
Kind regards,<br>
Gergely Csordás<br>
<br>
<br>
<div class="moz-cite-prefix">On 08/03/2016 07:22 PM, Harsha S Aryan
wrote:<br>
</div>
<blockquote
cite="mid:CAAqh_uG=zRhHkxP7jnn3emsqXqwF_z=ysVtyGP5mLPgGCw5q9w@mail.gmail.com"
type="cite">
<p dir="ltr">Still same issue</p>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Aug 3, 2016 10:35 PM, "SZIGETVÁRI
János" <<a moz-do-not-send="true"
href="mailto:jszigetvari@gmail.com">jszigetvari@gmail.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Hello Christian,<br>
<br>
</div>
Syslog-ng would issue a warning had there been a
syntax error. (You can check your config files for
syntax errors with the -svf <configfile>
parameters set.)<br>
<br>
</div>
To me it seems that the filter you've set up for that
specific IP range "f_devenv01_04net" is not the same
that you seem to be using in your log stanza
("f_devenv_04net").<br>
<br>
</div>
Best Regards,<br>
<div>
<div>
<div>
<div>
<div>János Szigetvári<br clear="all">
</div>
<div><br>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">Janos
SZIGETVARI<br>
<span>RHCE, License
no. <a
moz-do-not-send="true"
href="https://www.redhat.com/rhtapps/verify/?certId=150-053-692"
target="_blank">150-053-692</a></span><br>
<br>
__@__˚V˚<br>
Make the switch to
open (source)
applications,
protocols, formats
now:<br>
- windows ->
Linux, iexplore
-> Firefox,
msoffice ->
LibreOffice<br>
- msn -> jabber
protocol (Pidgin,
Google Talk)<br>
- mp3 -> ogg, wmv
-> ogg, jpg ->
png, doc/xls/ppt
-> odt/ods/odp</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">2016-08-03 17:52
GMT+02:00 Christian Turner <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:cturner@highroads.com"
target="_blank">cturner@highroads.com</a>></span>:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div>
<p>Hi,</p>
<p> </p>
<p>I have the following filter
configured;</p>
<p> </p>
<p>source
src_devenv01 {
udp(ip(0.0.0.0) port(514)); };</p>
<p>filter f_devenv01_04net
{ netmask(<a
moz-do-not-send="true"
href="http://10.22.209.0/24"
target="_blank">10.22.209.0/24</a>);
};</p>
<p>destination d_devenv_04net {
file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log");
};</p>
<p>log
{ source(src_devenv01);
filter(f_devenv_04net);
destination(d_devenv_04net);
flags(final); };</p>
<p> </p>
<p>However, the filter does not work,
and the logs from this source all go
to the generic logging destination.</p>
<p> </p>
<p>I perform an strace and I can see
that the IP appears as expected, so
I’m figuring I have a syntax error
somewhere;</p>
<p> </p>
<p>[pid 28481] recvfrom(11,
"<182>1
2016-08-03T10:27:50.645062-04:00 ::1
[[REDACTED]]..., 8192, 0,
{sa_family=AF_INET,
sin_port=htons(58785),
sin_addr=inet_addr("<b>10.22.209.10</b>")},
[16]) = 265<span></span></p>
<span><font color="#888888">
<p> </p>
<p><b><span style="color:black">Christian
Turner</span></b><span
style="color:black">
</span><span
style="color:rgb(31,73,125)"></span></p>
<p> </p>
</font></span></div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
______________________________________________________________________________<br>
Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a moz-do-not-send="true"
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
GPG: F9F734B5
Ezen üzenet és annak bármely csatolt anyaga bizalmas, jogi védelem alatt áll, a nyilvános közléstől védett. Az üzenetet kizárólag a címzett használhatja fel. Ha Ön nem az üzenet címzettje, úgy kérjük, hogy értesítse erről az üzenet küldőjét és törölje az üzenetet, valamint annak összes csatolt mellékletét a rendszeréből. Ha Ön nem az üzenet címzettje, abban az esetben tilos az üzenetet vagy annak bármely csatolt mellékletét lemásolnia, elmentenie, az üzenet tartalmát bárkivel közölnie vagy azzal visszaélnie. Az üzenet az elküldés előtt vírusellenőrzésen nem esett át és a vírusmentességére nincs semmilyen garancia, ezért kérjük, ellenőrizze azt!
Email communication is confidential and are intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient of this email you must neither take any action based upon its contents nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.</pre>
</body>
</html>