Not easily without sending some sensitive data.

I take it the rule set logic seems correct then ?

This filter will remove data from both/either subnet from a message stream,

filter f_network {not netmask("192.168.238.0/24") and not netmask("192.168.239.0/24") ; };

These rules work in the same concatenation way ?

filter(f_network); filter(f_audit); filter(f_mcafee); destination (d_remote);

On Tue, Feb 16, 2016 at 9:28 AM, PÁSZTOR György <pasztor@linux.gyakg.u-szeged.hu> wrote:

Hi,

"Scot" <scotrn@gmail.com> írta 2016-02-16 09:22-kor:
> I'm still getting stuff on nmsloghost that I think should be filtered out.

Can you show us an example, which is forwarded to nmsloghost,
but should be filtered out?
A simple .pcap file, or "grep" or anything would be nice.

Cheers,
Gyu
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq