Are you collecting traps or syslog data?
Tcpdump is your friend - are the syslog speakers speaking to the right place?
Is anything else being logged on the box from other sources?
Does the destination exist, and are the permissions correct?
What OS? Which versions of syslog-ng?
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Kelly Pow
Sent: Thursday, July 28, 2005 5:55 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog-ng- filter() problem
Hi,
I am trying to collect traps from these two networks.
66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240
I don’t understand why when I do this it doesn’t collect anything.
Any ideas?
-------------------------------------------------------------------------------------------------------
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_messages { not level(warn); };
log { source(src); filter(f_messages); destination(messages); };
#filter snmptrap
filter f_snmptrap { level(warn); };
#testing filters for the different networks
filter f_ipbb1 { netmask("66.163.79.0/255.255.255.128"); };
filter f_ipbb2 { netmask("64.251.65.224/255.255.255.240"); };
destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };
log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter(f_ipbb2); destination(ipbb_traps); };
-----------------------------------------------------------------------------------------------------------
Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
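
Added example, not part of the original thread: syslog-ng evaluates the filter() references in one log statement as a logical AND, so the last log path in the posted configuration requires the sender address to be inside both networks at once. The Python below (function names and sender addresses are constructed for illustration) checks that with the two netmask() values from the post and contrasts it with an OR of the same tests.

```python
import ipaddress

# The two netmask() arguments from the posted configuration.
F_IPBB1 = "66.163.79.0/255.255.255.128"
F_IPBB2 = "64.251.65.224/255.255.255.240"


def chained_match(sender, netmasks):
    """Filters chained in one log path: every netmask() must match (AND)."""
    ip = ipaddress.ip_address(sender)
    return all(ip in ipaddress.ip_network(n) for n in netmasks)


def either_match(sender, netmasks):
    """One filter joining the netmask() tests with 'or': any may match."""
    ip = ipaddress.ip_address(sender)
    return any(ip in ipaddress.ip_network(n) for n in netmasks)


def chain_can_ever_match(netmasks):
    """True only if some address lies in all networks at once.

    Two IP networks either nest or are disjoint, so the chain is
    satisfiable exactly when every pair of networks overlaps.
    """
    nets = [ipaddress.ip_network(n) for n in netmasks]
    return all(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Constructed sender addresses: one per network, one outside both.
    senders = ["66.163.79.10", "64.251.65.230", "192.0.2.1"]
    nets = [F_IPBB1, F_IPBB2]
    print("chain satisfiable:", chain_can_ever_match(nets))
    for s in senders:
        print(s, "chained:", chained_match(s, nets), "or:", either_match(s, nets))
```

In syslog-ng itself the OR form is a single filter that joins the two netmask() tests with `or`, referenced once in the log statement.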