Hi guys,<div><br></div><div>Just new, and created the following conf for testing purposes. The problem is that i get the logs in both destinations despite the filter.</div><div><br></div><div><div>@version: 3.4</div><div>@include &quot;scl.conf&quot;</div>
<div><br></div><div>options { </div><div>        keep_hostname(yes);</div><div>        normalize_hostnames(yes);</div><div>        threaded(yes);</div><div>        ts_format(iso); # Adds TZ</div><div>        #use_fqdn(yes);</div>
<div>        use_dns(no);        </div><div>};</div><div><br></div><div>source s_local {<br></div><div>        system();</div><div>        internal();</div><div>};</div><div><br></div><div>source s_network {</div><div>        udp();</div>
<div>};</div></div><div><br></div><div><div>destination d_local {</div><div>        file(&quot;/var/log/messages&quot;);</div><div>};</div><div><br></div><div>destination d_my_mac {</div><div>        file(&quot;/var/log/mymac&quot;);</div>
<div>};</div></div><div><br></div><div><div>filter f_my_mac {</div><div>        netmask(<a href="http://10.24.18.2/255.255.255.255">10.24.18.2/255.255.255.255</a>);</div><div>};</div></div><div><br></div><div><div>log {</div>
<div>        source(s_network);</div><div>        filter(f_my_mac);</div><div>        destination(d_my_mac);</div><div>        flags(final);</div><div>};</div><div><br></div><div>log {</div><div>        source(s_local);</div>
<div>        # uncomment this line to open port 514 to receive messages<br></div><div>        source(s_network);</div><div>        #destination(d_central_udp);</div><div>        destination(d_local);</div><div>};</div></div>
<div><br></div><div><br></div><div>as netmask i also tried cidr /24 and same thing. The problem is that i get the logs in both destinations. I only want to have them in my_mac</div><div><br></div><div>Thanks!</div>