Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended

syslog-ng 2.0.7 I remember needing that in order to see the hostname from a WAP not too long ago.

From: Sandor.Geller@morganstanley.com To: syslog-ng@lists.balabit.hu Date: Thu, 8 May 2008 19:19:05 +0100 Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended

Hi,

...

Here are some recent logs.

May 8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E: to=<b.smith@nodomain.net>, relay=192.168.12.1[192.168.12.1]:25, delay=0.48, delays=0.31/0.02/0.01/0.14, dsn=2.6.0, status=sent (250 2.6.0

<B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44@ns2.someotherdomain. com> Queued mail for delivery)

Which version of syslog-ng are you using? I remember that postfix (more precisely postfix/daemonname-like program names) caused problems for older versions, although this might be unrelated.

...

I *believe* the double hostname is die to chain_hostnames=yes? Don't remember.

No, there would be an '@' between the hostnames. I still don't see how 'sw' could match your logs :(

regards,

Sandor --------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html