https://bugzilla.balabit.com/show_bug.cgi?id=140 Summary: syslog-ng ignores filter boolean logic Product: syslog-ng Version: 3.3.x Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: lisaev@umail.iu.edu Type of the Report: --- Estimated Hours: 0.0 Created an attachment (id=42) --> (https://bugzilla.balabit.com/attachment.cgi?id=42) syslog-ng 3.3.1 config file I am running syslog-ng 3.3.1 (arch linux), and noticed that my iptables logs go into every possible logfile, i.e. /var/log/{messages,kernel,iptables}.log. For example: cur_work$ tail -n1 /var/log/kernel.log Oct 23 12:43:18 linhost kernel: [ 5372.600518] firewall: IN=wlan0 OUT= MAC=00:26:c6:d7:27:6a:00:17:0f:70:b1:00:08:00 SRC=74.125.65.108 DST=96.125.23.251 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=28546 PROTO=TCP SPT=993 DPT=52331 WINDOW=0 RES=0x00 RST URGP=0 This is despite the fact that syslog-ng.conf contains filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); }; filter f_kernel { facility(kern) and not filter(f_iptables); }; I also tried modifying f_iptables as filter f_iptables { match("firewall" value("MESSAGE")); }; but still get firewall logs everywhere :( I add the full syslog-ng.conf as an attachment. Thanks. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.