20 Oct
2009
20 Oct
'09
7:43 a.m.
On Mon, 2009-10-19 at 15:43 -0400, Matty wrote:
Howdy,
I am using syslog-ng 3.0.4, and am encountering a bizarre issue where a small percentage of messages don't match the following filter:
filter f_hosts { (host("192.168.1.2") or host("192.168.1.3") or host("192.168.1.4")); };
this filters against the HOST portion of the syslog message and not the sender IP address that sent the syslog frame to the collector. If you want to filter based on that, you need the netmask() filter. -- Bazsi