[syslog-ng]weird... please help

bretwatson@charteredsemi.com bretwatson@charteredsemi.com
Wed, 7 Nov 2001 16:36:10 +0800


Hmm I'm stuffed up I guess, but I can't work out where... Please help!!!

Thanks,

Bret


Here is my syslog-ng.conf file
options {
        sync(0);
        time_reopen(10);
        log_fifo_size(100);
};

source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
source net { udp(); };

destination all { file("/var/adm/messages"); };
destination vpn { file("/usr/log1/vpn.log"); };


filter f_vpnhosts { host("203.126.246.216") or host("203.126.246.217") or host("203.126.246.218"); };
filter f_vpnhosts2 { host("10.84.3.10"); };

log { source(net); filter(f_vpnhosts); destination(vpn); };
log { source(net); filter(f_vpnhosts2); destination(vpn); };
log { source(local); destination(all); };
log { source(net); destination(all); };


Here are the log lines I'm trying to re-direct to the vpn.log

Nov  7 08:15:55 10.84.3.10/10.84.3.10 [1:33947706:Gate7520:CHARTERED 01:203.126.246.216]2001/11/07 16:27:41 Isakmp  ScSA: Rekey Phase 2: Loc:10.200.*.*, Rem:10.84.3.50 (66.68.164.196)

But what happens is that everything ends up in the "all" destination instead of the vpn destination....

