3 Aug
2016
3 Aug
'16
9:06 p.m.
Hello Gergő, 2016-08-03 19:43 GMT+02:00 Gergely Csordás <sirnelkher@gmail.com>:
<182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]...
As I see the IP address is ::1 in the message, as the hostname (or IP address) comes after the timestamp.
So in this case the IPv4 filter won't kick in for an IPv6 address.
The netmask() filter does not check the contents of the HOST macro, but rather uses the sender's IP address for the comparison: https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-... As per the strace, the UDP package in deed seems to originate from 10.22.209.10. Regards, János