Re: [syslog-ng] Log only one host
As you can see the device gives a valid syslog header.

Destination of Firewall in fw.log:

    # tailf fw.log
    Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.970 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 82.200.234.214,33244 PR UDP len 20 131

Destination of Access Point .241 in ap241.log:

    # tailf ap241.log
    Dec 13 13:58:47 192.168.1.254/192.168.1.254 Fw-Vigor2955: 149:13:59.770 lan->wan @S:R=13:1 p 192.168.1.8,19679 -> 94.244.30.85,63708 PR UDP len 20 131

It writes the same thing!! My configuration is the following:

    source udp { udp(); };
    destination d_fw { file("/**/**/fw.log" create_dirs(yes) fsync(yes)); };
    filter f_fw {
        netmask ("192.168.1.254/32"); ## try to log one host
    };
    log { source(udp); destination(d_fw); filter(f_fw); };

Therefore, how do I do it??

Thanks
Tokie
Hi All!

On Tue, 2011-12-13 at 15:39 +0100, tokie@tiscali.it wrote:
> log { source(udp);
> destination(d_fw); filter(f_fw); };

The log path is a sequence. If you first write the logs into the destination the filter will do nothing. You should change the destination and the filter statement.

--
Attila Szalay
Support (L3) Team Leader
e-mail: attila.szalay@balabit.com
phone: +36 1 398 6707
BalaBit IT Security
www.balabit.com
H-1117 Budapest, Aliz street 2.
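
The reordering described in the reply above, written out as an added example that is not part of the original thread. The names s_udp, f_ap241 and d_ap241, the access point address 192.168.1.241 and the /path/to/logs/ prefix are assumptions; only the firewall address and the d_fw/f_fw names come from the posted configuration.

```conf
# Added example: names s_udp, f_ap241, d_ap241, the AP address and the
# /path/to/logs/ prefix are assumptions, not values from the thread.
source s_udp { udp(); };

# netmask() matches on the address the message was received from.
filter f_fw    { netmask("192.168.1.254/32"); };   # firewall (from the thread)
filter f_ap241 { netmask("192.168.1.241/32"); };   # access point (assumed address)

destination d_fw    { file("/path/to/logs/fw.log"    create_dirs(yes)); };
destination d_ap241 { file("/path/to/logs/ap241.log" create_dirs(yes)); };

# Before (from the thread): the destination is reached before the filter,
# so every message from the source is already written to fw.log.
#   log { source(s_udp); destination(d_fw); filter(f_fw); };

# After: filter first, so only matching messages reach the destination.
log { source(s_udp); filter(f_fw);    destination(d_fw); };
log { source(s_udp); filter(f_ap241); destination(d_ap241); };
```

After reloading syslog-ng, each file should contain only lines whose sender address matches its filter; a firewall line appearing in ap241.log means that log path is still writing before it filters.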
participants (2)
- Szalay Attila
- tokie@tiscali.it