
<p dir="ltr">Still same issue</p>

<div class="gmail_extra"><br><div class="gmail_quote">On Aug 3, 2016 10:35 PM, &quot;SZIGETVÁRI János&quot; &lt;<a href="mailto:jszigetvari@gmail.com">jszigetvari@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hello Christian,<br><br></div>Syslog-ng would issue a warning had there been a syntax error. (You can check your config files for syntax errors with the -svf &lt;configfile&gt; parameters set.)<br><br></div>To me it seems that the filter you&#39;ve set up for that specific IP range &quot;f_devenv01_04net&quot; is not the same that you seem to be using in your log stanza (&quot;f_devenv_04net&quot;).<br><br></div>Best Regards,<br><div><div><div><div><div>János Szigetvári<br clear="all"></div><div><br>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">Janos SZIGETVARI<br><span>RHCE, License no. <a href="https://www.redhat.com/rhtapps/verify/?certId=150-053-692" target="_blank">150-053-692</a></span><br><br>__@__˚V˚<br>Make the switch to open (source) applications, protocols, formats now:<br>- windows -&gt; Linux, iexplore -&gt; Firefox, msoffice -&gt; LibreOffice<br>- msn -&gt; jabber protocol (Pidgin, Google Talk)<br>- mp3 -&gt; ogg, wmv -&gt; ogg, jpg -&gt; png, doc/xls/ppt -&gt; odt/ods/odp</div></div></div></div></div></div></div></div></div></div></div></div></div></div><br><div class="gmail_extra"><br><div class="gmail_quote">2016-08-03 17:52 GMT+02:00 Christian Turner <span dir="ltr">&lt;<a href="mailto:cturner@highroads.com" target="_blank">cturner@highroads.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">


<div lang="EN-US">

<div>

<p>Hi,<u></u><u></u></p>

<p><u></u> <u></u></p>

<p>I have the following filter configured;<u></u><u></u></p>

<p><u></u> <u></u></p>

<p>source src_devenv01                    { udp(ip(0.0.0.0) port(514)); };<u></u><u></u></p>

<p>filter f_devenv01_04net              { netmask(<a href="http://10.22.209.0/24" target="_blank">10.22.209.0/24</a>); };<u></u><u></u></p>

<p>destination d_devenv_04net      { file(&quot;/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log&quot;); };<u></u><u></u></p>

<p>log                                                    { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };<u></u><u></u></p>

<p><u></u> <u></u></p>

<p>However, the filter does not work, and the logs from this source all go to the generic logging destination.<u></u><u></u></p>

<p><u></u> <u></u></p>

<p>I perform an strace and I can see that the IP appears as expected, so I’m figuring I have a syntax error somewhere;<u></u><u></u></p>

<p><u></u> <u></u></p>

<p>[pid 28481] recvfrom(11, &quot;&lt;182&gt;1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785), sin_addr=inet_addr(&quot;<b>10.22.209.10</b>&quot;)}, [16]) = 265<span><font color="#888888"><u></u><u></u></font></span></p><span><font color="#888888">

<p><u></u> <u></u></p>

<p><b><span style="color:black">Christian Turner</span></b><span style="color:black">

</span><span style="color:rgb(31,73,125)"><u></u><u></u></span></p>

<p><u></u> <u></u></p>

</font></span></div>

</div>


<br>______________________________________________________________________________<br>

Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>

<br>

<br></blockquote></div><br><br></div></div></div></div></div></div></div>

<br>______________________________________________________________________________<br>

Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>

<br>

<br></blockquote></div></div>