On Mon, 2010-09-20 at 12:58 -0400, Burton Simonds wrote:
> I am using syslog-ng 3.1.2 and I am having a problem that I cannot figure out.
> Our network gear sends messages to syslog-ng, and then it filters them based on device type and name.
> There is one firewall that is matching both the firewalls filter and the switches filter, and is subsequently writing to both locations.
> In the example below, host 1.2.3.5 is logging to both the switches log dir and the firewalls log dir even though it is only referenced in the firewalls filter.
> Other than the obvious possibilities (yes, I have confirmed that the IP address is only referenced in one filter), does anyone have any ideas on what I should look at?

host() takes a regular expression. Are you sure '.' (which matches any character) is not biting you here?

-- Bazsi
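
The over-match described in the reply, reproduced as an added example that is not part of the original thread: unescaped, unanchored address patterns are checked against a set of hosts to find any host that lands in more than one filter. The filter names and addresses are constructed, and Python's `re.search` stands in for the regex matching done by host(), which is an assumption of this sketch.

```python
import re

# Constructed filter definitions: each entry is a host() argument as it might
# be written in a config. Names and addresses are illustrative, not from the post.
FILTERS = {
    "f_firewalls": ["10.111.2.9", "10.1.2.35"],
    "f_switches": ["10.1.1.2", "10.1.2.3"],
}


def as_literal(pattern):
    """Escape regex metacharacters and anchor, so only the exact host matches."""
    return "^" + re.escape(pattern) + "$"


def matching_filters(host, filters, literal=False):
    """Return the sorted names of the filters whose patterns match `host`.

    Assumption: host() is modelled as an unanchored regex search; with
    literal=True every pattern is escaped and anchored first (the fix).
    """
    hits = []
    for name, patterns in filters.items():
        for pattern in patterns:
            regex = as_literal(pattern) if literal else pattern
            if re.search(regex, host):
                hits.append(name)
                break  # one matching pattern is enough for this filter
    return sorted(hits)


def overlaps(hosts, filters, literal=False):
    """Map each host that is matched by more than one filter to those filters."""
    result = {}
    for host in hosts:
        hits = matching_filters(host, filters, literal)
        if len(hits) > 1:
            result[host] = hits
    return result


if __name__ == "__main__":
    hosts = ["10.111.2.9", "10.1.2.35", "10.1.1.2", "10.1.2.3"]
    # "10.1.1.2" matches inside "10.111.2.9" because each '.' accepts any character;
    # "10.1.2.3" matches "10.1.2.35" because the pattern is not anchored.
    print("as regex  :", overlaps(hosts, FILTERS))
    print("as literal:", overlaps(hosts, FILTERS, literal=True))
```

In the filter itself the equivalent change is to escape each dot and anchor the pattern with `^` and `$`.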