I have several systems that are sending their log files to syslog-ng, without issue. I am having an issue getting syslog-ng to work with logs from our Brocade MLX’s. I run Wireshark on the syslog server and see the file hit it. However, syslog-ng does not put it in its folder or anywhere else.

Sections of the config file relevant to the Brocade.

destination d_bro { file("/home/hosts/brocade/$YEAR$MONTH$DAY-$HOST.log"); };

#####################
# BROCADE
#####################

filter f_bro { not level(debug) and (
    host( "BROCADE-BG-MLX" ) or
    host( "BROCADE-BG-FESX" ) or
    host( "BROCADE-BR-MLX" ) or
    host( "BROCADE-DUCK-FESX" ) or
    host( "BROCADE-ELJY-MLX" ) or
    host( "BROCADE-JSPR-MLX" ) or
    host( "BROCADE-STUDIO-FESX" )); };

log { source(s_net); filter(f_bro); destination(d_bro); };

Wireshark on the server - Capture.PNG
DNS? What if you used the IP address as a test? Is Jasper-MLX-Security what is being set in the HOST header?

On Tue, Jun 27, 2017 at 2:23 PM, PENLAND,MATTHEW & DANA <matt@etcmail.com> wrote:

I have several systems that are sending their log files to syslog-ng, without issue. I am having an issue getting syslog-ng to work with logs from our Brocade MLX’s. I run Wireshark on the syslog server and see the file hit it. However, syslog-ng does not put it in its folder or anywhere else.
Sections of the config file relevant to the Brocade.
destination d_bro { file("/home/hosts/brocade/$YEAR$MONTH$DAY-$HOST.log"); };
#####################
# BROCADE
#####################
filter f_bro { not level(debug) and ( host( "BROCADE-BG-MLX" ) or host( "BROCADE-BG-FESX" ) or host( "BROCADE-BR-MLX" ) or host( "BROCADE-DUCK-FESX" ) or host( "BROCADE-ELJY-MLX" ) or host( "BROCADE-JSPR-MLX" ) or host( "BROCADE-STUDIO-FESX" ));};
log { source(s_net); filter(f_bro); destination(d_bro); };
Wireshark on the server - Capture.PNG
Hi,

If I remember correctly, the host filter works on the host field of the message itself. And in the Wireshark picture, the host field is something like Jasper-MLX, nothing similar to what you mention in the filter.

-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of PENLAND,MATTHEW & DANA
Sent: Tuesday, June 27, 2017 8:24 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Syslog-ng 3.9

I have several systems that are sending their log files to syslog-ng, without issue. I am having an issue getting syslog-ng to work with logs from our Brocade MLX’s. I run Wireshark on the syslog server and see the file hit it. However, syslog-ng does not put it in its folder or anywhere else.
Sections of the config file relevant to the Brocade.
destination d_bro { file("/home/hosts/brocade/$YEAR$MONTH$DAY-$HOST.log"); };
#####################
# BROCADE
#####################
filter f_bro { not level(debug) and ( host( "BROCADE-BG-MLX" ) or host( "BROCADE-BG-FESX" ) or host( "BROCADE-BR-MLX" ) or host( "BROCADE-DUCK-FESX" ) or host( "BROCADE-ELJY-MLX" ) or host( "BROCADE-JSPR-MLX" ) or host( "BROCADE-STUDIO-FESX" ));};
log { source(s_net); filter(f_bro); destination(d_bro); };
Wireshark on the server - Capture.PNG
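Added example (not part of any message in this thread, and not syslog-ng code): a small Python check that parses an RFC 3164 datagram and applies the same logic as f_bro, showing why a message whose header HOST is Jasper-MLX-Security is dropped. It assumes $HOST holds the hostname from the message header, as the reply above describes, and that host() patterns act as unanchored, case-sensitive regular expressions; the sample datagrams are constructed.

```python
import re

# host() patterns copied from the f_bro filter in the original post.
F_BRO_HOSTS = [
    "BROCADE-BG-MLX", "BROCADE-BG-FESX", "BROCADE-BR-MLX", "BROCADE-DUCK-FESX",
    "BROCADE-ELJY-MLX", "BROCADE-JSPR-MLX", "BROCADE-STUDIO-FESX",
]

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOST MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.S,
)

def parse(datagram: bytes):
    """Return facility, severity, host and msg, or None if not RFC 3164."""
    m = RFC3164.match(datagram.decode("utf-8", "replace"))
    if m is None:
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m["host"], "msg": m["msg"]}

def f_bro_verdict(datagram: bytes) -> str:
    """Mirror 'not level(debug) and (host(..) or ..)' and say why it fails."""
    rec = parse(datagram)
    if rec is None:
        return "unparsed"
    if rec["severity"] == 7:  # severity 7 is debug
        return "dropped: level(debug)"
    # Assumption: patterns behave as unanchored, case-sensitive regexes.
    if not any(re.search(p, rec["host"]) for p in F_BRO_HOSTS):
        return f"dropped: HOST {rec['host']!r} matches no host() pattern"
    return "matched"

# Constructed sample datagrams (not taken from the capture in the thread).
SAMPLES = [
    b"<189>Jun 27 14:20:01 Jasper-MLX-Security sample message body",
    b"<189>Jun 27 14:20:01 BROCADE-JSPR-MLX sample message body",
    b"<191>Jun 27 14:20:01 BROCADE-JSPR-MLX sample debug message",
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f_bro_verdict(d), "<-", d.decode())
```

A message that reaches the server but fails every log path is discarded without any record unless a catch-all path exists, so for a log collector this kind of hostname mismatch is a silent gap in coverage.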