On Wed, 2005-12-28 at 08:57 -0800, Paolo Supino wrote:
Hi
Even though this never happened to anyone (achieving uniqueness is hard work ;-)) I think that it's worth mentioning somewhere that when using host directive in a filter the name used must be the same as the name of the sending server....
It depends. The host() directive matches the host part in the message, which might have been rewritten by syslog-ng according to various options keep_hostname(), use_dns() and of course similar options by the sender server. If the whole chain of syslog relays keeps the hostname part intact then you might be able to filter based on the original host name, but of course this requires some trust in the relays as nothing authenticates the hostname there.

-- Bazsi
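
An added illustration of the reply above, not part of the original thread: a syslog-ng configuration fragment for a relay and a central server in which host() filters on the forwarded name only for traffic arriving from the relay's address. The host name web01, the address 192.0.2.10, the object names and the file path are constructed for the example.

```conf
# --- relay: syslog-ng.conf (fragment) ---
options {
    # Pass the HOST field through exactly as the original sender wrote it.
    keep_hostname(yes);
};

# --- central server: syslog-ng.conf (fragment) ---
options {
    # Trust the HOST field in incoming messages so host() can see the
    # original name. With keep_hostname(no) syslog-ng would overwrite HOST
    # with the address it saw the message arrive from (resolved to a name
    # only if use_dns() allows it), i.e. the relay, not the origin.
    keep_hostname(yes);
    use_dns(no);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# host() matches the HOST text inside the message; nothing authenticates it.
filter f_web01 { host("^web01$"); };

# netmask() matches the address of the direct sender, here the trusted
# relay (constructed address), so only names forwarded by it are accepted.
filter f_from_relay { netmask("192.0.2.10/32"); };

destination d_web01 { file("/var/log/hosts/web01.log"); };

log {
    source(s_net);
    filter(f_from_relay);
    filter(f_web01);
    destination(d_web01);
};
```

The netmask() filter only establishes which machine delivered the message; the name matched by host() is still whatever the relay forwarded.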