Hi,

I am currently using Syslog-ng to collect snmptraps. My problem is that I am currently receiving traps from three different networks and I have to filter them out.

I am receiving traps from
64.251.65.224/255.255.255.240
66.163.79.0/255.255.255.128
204.209.214.0/255.255.254.0

Where I want traps from 64.251.65.224/255.255.255.240 and 66.163.79.0/255.255.255.128 to be stored in one file
While traps from 204.209.214.0/255.255.254.0 in another.

Currently this is what my syslog-ng.conf looks like
And I am receiving nothing :-(
I am very frustrated with this. Please help.
Thank you.

options {
    long_hostnames(yes);
    keep_hostname(yes);
    use_fqdn(on);
    create_dirs(yes);
    owner(nmadmin);
    group(users);
    perm(0755);
    dir_owner(nmadmin);
    dir_group(users);
    dir_perm(0755);
    sync(0);
    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_messages { not level(warn); };
log { source(src); filter(f_messages); destination(messages); };

#for SNMPTRAP
destination ipbb_lab_traps { file("/store/ipbb_lab/traps/$YEAR-$MONTH-$DAY"); };
destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };

#filter snmptrap
filter f_testA { level(warn) and netmask(64.251.65.224/255.255.255.240); };
filter f_testB { level(warn) and netmask(66.163.79.0/255.255.255.128); };
log { source(src); filter(f_testA); destination(ipbb_traps); };
log { source(src); filter(f_testB); destination(ipbb_traps); };
filter f_test2 { level(warn) and netmask(204.209.214.0/255.255.254.0); };
log { source(src); filter(f_test2); destination(ipbb_lab_traps); };

Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
kelly.pow@sjrb.ca

_____

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Frans Stekelenburg
Sent: Wednesday, August 03, 2005 5:27 AM
To: Syslog-ng users' and developers' mailing list; ebroo@healthydirections.com
Subject: RE: [syslog-ng] syslog-ng- filter() problem

Try making another filter first with the three filters and 'or' statements.
Sounds like your config creates an and-and-and situation for you, leading to nothing being logged.

I think I came across this situation on one of the helpful pages around (google), but unfortunately don't remember where, so I can't refer you to it.

regards,
frans

_____

From: Kelly Pow [mailto:kelly.pow@sjrb.ca]
Sent: Tuesday, 2 August 2005 18:55
To: Syslog-ng users' and developers' mailing list; ebroo@healthydirections.com
Subject: RE: [syslog-ng] syslog-ng- filter() problem

Hi,
I am collecting traps and syslog data
Yes they are being sent to the right place.
Yes the destinations exist and the permissions are correct
I am running Gentoo
And syslog-ng version- 1.6.5-r2

The problem is:

log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter(f_ipbb2); destination(ipbb_traps); };

if I only have:

log { source(src); filter(f_snmptrap); destination(ipbb_traps); };

or

log { source(src); filter(f_ipbb1); destination(ipbb_traps); };

but when I add more filters it gives me nothing
Why?

Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
kelly.pow@sjrb.ca

_____

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Edward Brookhouse
Sent: Friday, July 29, 2005 5:08 AM
To: 'Syslog-ng users' and developers' mailing list'
Subject: RE: [syslog-ng] syslog-ng- filter() problem

Are you collecting traps or syslog data?
Tcpdump is your friend - are the syslog speakers speaking to the right place?
Is anything else being logged on the box from other sources?
Does the destination exist and are the permissions correct?
What OS?
Which versions of syslog-ng?

_____

From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Kelly Pow
Sent: Thursday, July 28, 2005 5:55 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] syslog-ng- filter() problem

Hi,
I am trying to collect traps from these two networks.
66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240
I don't understand why when I do this it doesn't collect anything
Any ideas?
-------------------------------------------------------------------------------------------------------
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
filter f_messages { not level(warn); };
log { source(src); filter(f_messages); destination(messages); };

#filter snmptrap
filter f_snmptrap { level(warn); };

#testing filters for the different networks
filter f_ipbb1 { netmask("66.163.79.0/255.255.255.128"); };
filter f_ipbb2 { netmask("64.251.65.224/255.255.255.240"); };

destination ipbb_traps { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };
log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter(f_ipbb2); destination(ipbb_traps); };
-------------------------------------------------------------------------------------------------------

Kelly Pow
IP Backbone Networks Intern
Shaw CableSystems G.P
Tel: 1.403.303.6387
kelly.pow@sjrb.ca
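
Added example, not part of any message in this thread: the 'or' arrangement suggested in the reply of August 03, written out for the three networks named by the poster. The filter names f_ipbb_nets and f_ipbb_lab_net are hypothetical; src, f_snmptrap and the two destinations are the ones posted in the thread. It assumes the messages reach source src carrying the sending device's address, since that address is what netmask() compares.

```conf
# Added example; f_ipbb_nets and f_ipbb_lab_net are hypothetical names.
#
# Every filter() referenced in one log statement must match, so
#   filter(f_snmptrap); filter(f_ipbb1); filter(f_ipbb2);
# means level(warn) AND net1 AND net2. No sender address lies in both
# 66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240, so that
# chain can never match and the destination file stays empty.

filter f_snmptrap { level(warn); };

# One filter per destination, with the alternative networks joined by "or".
# Assumption: netmask() sees the device's address as the message sender.
filter f_ipbb_nets {
    netmask("66.163.79.0/255.255.255.128")
    or netmask("64.251.65.224/255.255.255.240");
};
filter f_ipbb_lab_net { netmask("204.209.214.0/255.255.254.0"); };

destination ipbb_traps     { file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };
destination ipbb_lab_traps { file("/store/ipbb_lab/traps/$YEAR-$MONTH-$DAY"); };

# level(warn) AND (first network OR second network) -> one file
log { source(src); filter(f_snmptrap); filter(f_ipbb_nets); destination(ipbb_traps); };

# level(warn) AND lab network -> the other file
log { source(src); filter(f_snmptrap); filter(f_ipbb_lab_net); destination(ipbb_lab_traps); };
```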