Hi That is because the filter cisco_1 matches the address 192.168.0.1*, ex. 192.168.0.1 or 192.168.0.10 or 192.168.0.100 or 192.168.0.111 The filter at-rpg6_1 matches 192.168.0.10* ex. 192.168.0.10 or 192.168.0.100 or 192.168.0.102 or 192.168.0.109 Change the filter to filter cisco_1 { host ("192.168.0.1$"); }; filter at-rpg6_1 { host ("192.168.0.10$"); }; - Henning
Hi all. I have some network devices witch syslog function from example
1. 192.168.0.1 2. 192.168.0.10
I create syslog config and define this filter's
---------------------------------------------------------------------------- -------------------------------------
source s_network { udp ( ip (0.0.0.0) port (514) ); };
filter cisco_1 { host ("192.168.0.1"); };
filter at-rpg6_1 { host ("192.168.0.10"); };
destination cisco_1 { file ( /usr/local/syslog-ng/log/cisco.log ); };
destination d_file_6 { file ( /usr/local/syslog-ng/log/at-rpg6.log ); };
log { source ( s_network ); filter ( cisco_1 ); destination ( cisco_1); };
log { source ( s_network ); filter ( at-rpg6_1 ); destination ( d_file_6 ); };
---------------------------------------------------------------------------- ---------------------------------------
In this config I have some mistake, messages send from 192.168.0.10 stored into /usr/local/syslog-ng/log/at-rpg6.log
And it also stored /usr/local/syslog-ng/log/cisco.log
What's wrong ?
forgive me for bad english
WBR swop.