Hmm I'm stuffed up I guess, but I can't work out where... Please help!!!

Thanks,
Bret

Here is my syslog-ng.conf file

options { sync(0); time_reopen(10); log_fifo_size(100); };

source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
source net { udp(); };

destination all { file("/var/adm/messages"); };
destination vpn { file("/usr/log1/vpn.log"); };

filter f_vpnhosts { host("203.126.246.216") or host("203.126.246.217") or host("203.126.246.218"); };
filter f_vpnhosts2 { host("10.84.3.10"); };

log { source(net); filter(f_vpnhosts); destination(vpn); };
log { source(net); filter(f_vpnhosts2); destination(vpn); };
log { source(local); destination(all); };
log { source(net); destination(all); };

Here are the log lines I'm trying to re-direct to the vpn.log

Nov 7 08:15:55 10.84.3.10/10.84.3.10 [1:33947706:Gate7520:CHARTERED 01:203.126.246.216]2001/11/07 16:27:41 Isakmp ScSA: Rekey Phase 2: Loc:10.200.*.*, Rem:10.84.3.50 (66.68.164.196)

But what happens is that everything ends up in the "all" destination instead of the vpn destination....

Hi, Bret!

> But what happens is that everything ends up in the "all" destination instead of the vpn destination....

It should end up being shown in both...

Try to add ".*" to your host check regexp. Perhaps it doesn't match because there is something more than the single host IP.

And for the all destination: you could use a third filter like this to prevent VPN messages getting there like this:

filter fallb { not (filter (f_vpnhosts) or filter (f_vpnhosts2)); };

bye.
baltasar

::: B A L T A S A R C E V C
mailto: baltasar@cevc-topp.de
Tel.: +49 89 99020515
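
Added example, not part of either message: the fallback filter from the reply wired into the log statements of the posted configuration, so that network messages from the VPN hosts are written only to the vpn destination. It reuses the source, filter and destination names from the thread and assumes the two host() filters do match the VPN senders.

```conf
# Filters from the posted configuration, unchanged.
filter f_vpnhosts { host("203.126.246.216") or host("203.126.246.217") or host("203.126.246.218"); };
filter f_vpnhosts2 { host("10.84.3.10"); };

# Fallback filter from the reply: true only for senders that are NOT VPN hosts.
filter fallb { not (filter(f_vpnhosts) or filter(f_vpnhosts2)); };

# Messages from the VPN hosts go to vpn.log.
log { source(net); filter(f_vpnhosts); destination(vpn); };
log { source(net); filter(f_vpnhosts2); destination(vpn); };

# Local messages still go to /var/adm/messages.
log { source(local); destination(all); };

# Network messages reach "all" only when the fallback filter matches.
# Without filter(fallb) this statement copies every network message,
# VPN ones included, into /var/adm/messages.
log { source(net); filter(fallb); destination(all); };
```

Each log statement is evaluated on its own, so a message is written to every destination whose statement matches it; the fallback filter on the last statement is what keeps VPN traffic out of the general log.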