Hello,

The log message is the following from the strace:
<182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]...

As I see, the IP address is ::1 in the message, as the hostname (or IP address) comes after the timestamp.

So in this case the IPv4 filter won't kick in for an IPv6 address.

Kind regards,
Gergely Csordás


On 08/03/2016 07:22 PM, Harsha S Aryan wrote:

Still same issue


On Aug 3, 2016 10:35 PM, "SZIGETVÁRI János" <jszigetvari@gmail.com> wrote:
Hello Christian,

Syslog-ng would issue a warning had there been a syntax error. (You can check your config files for syntax errors with the -svf <configfile> parameters set.)

To me it seems that the filter you've set up for that specific IP range "f_devenv01_04net" is not the same that you seem to be using in your log stanza ("f_devenv_04net").

Best Regards,
János Szigetvári

--
Janos SZIGETVARI
RHCE, License no. 150-053-692

__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp


2016-08-03 17:52 GMT+02:00 Christian Turner <cturner@highroads.com>:

Hi,

 

I have the following filter configured;

 

source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
filter f_devenv01_04net { netmask(10.22.209.0/24); };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };

 

However, the filter does not work, and the logs from this source all go to the generic logging destination.

 

I performed an strace and I can see that the IP appears as expected, so I’m figuring I have a syntax error somewhere:

 

[pid 28481] recvfrom(11, "<182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785), sin_addr=inet_addr("10.22.209.10")}, [16]) = 265

 

Christian Turner

 


______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq







-- 
GPG: F9F734B5
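
An added example, not part of the original thread and not syslog-ng code: a small Python check that reports source, filter and destination names referenced in log statements but never defined, which is the mismatch János points out. The function names and the regex-based parsing are assumptions of this sketch; it covers only the simple top-level syntax used in the quoted configuration.

```python
import difflib
import re

# Constructed sample: the configuration quoted in the thread, unchanged.
SAMPLE_CONFIG = r'''
source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
filter f_devenv01_04net { netmask(10.22.209.0/24); };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
'''

KINDS = r'(source|filter|destination)'
COMMENT_RE = re.compile(r'("(?:\\.|[^"\\])*")|#.*')   # keep strings, drop comments
DEF_RE = re.compile(r'^\s*' + KINDS + r'\s+([\w.-]+)\s*\{', re.M)
REF_RE = re.compile(r'\b' + KINDS + r'\s*\(\s*([\w.-]+)\s*\)')

def log_bodies(text):
    """Yield the text between the braces of each log { ... } statement."""
    for m in re.finditer(r'\blog\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def undefined_references(config_text):
    """Return sorted (kind, name, closest_defined_name_or_None) tuples."""
    text = "\n".join(COMMENT_RE.sub(lambda m: m.group(1) or "", line)
                     for line in config_text.splitlines())
    defined = set(DEF_RE.findall(text))
    used = set()
    for body in log_bodies(text):
        used.update(REF_RE.findall(body))
    report = []
    for kind, name in sorted(used - defined):
        same_kind = [n for k, n in defined if k == kind]
        close = difflib.get_close_matches(name, same_kind, n=1)
        report.append((kind, name, close[0] if close else None))
    return report

if __name__ == "__main__":
    for kind, name, hint in undefined_references(SAMPLE_CONFIG):
        suffix = f" (did you mean '{hint}'?)" if hint else ""
        print(f"undefined {kind} '{name}' used in a log statement{suffix}")
```
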
