[syslog-ng]filter problem
bugtraq
syslog-ng@lists.balabit.hu
Fri, 18 Jun 2004 14:01:25 +0400
Hi all. I have some network devices with a syslog function, for example:
1. 192.168.0.1
2. 192.168.0.10
I created a syslog config and defined these filters:
----------------------------------------------------------------------------
source s_network { udp ( ip (0.0.0.0) port (514) ); };
filter cisco_1 { host ("192.168.0.1"); };
filter at-rpg6_1 { host ("192.168.0.10"); };
destination cisco_1 { file ( /usr/local/syslog-ng/log/cisco.log ); };
destination d_file_6 { file ( /usr/local/syslog-ng/log/at-rpg6.log ); };
log { source ( s_network ); filter ( cisco_1 ); destination ( cisco_1); };
log { source ( s_network ); filter ( at-rpg6_1 ); destination ( d_file_6 ); };
----------------------------------------------------------------------------
In this config I have some mistake: messages sent from 192.168.0.10 are stored
in /usr/local/syslog-ng/log/at-rpg6.log,
and they are also stored in /usr/local/syslog-ng/log/cisco.log.
What's wrong?
Forgive me for my bad English.
WBR swop.
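
Added example, not part of the original post: a small Python model of the routing in the config above, assuming syslog-ng evaluates host() as an unanchored regular expression against the message's host field and runs each log statement independently. The helper names, the anchored patterns and the sample hosts are constructed for illustration.

```python
import re

# Patterns exactly as written in the posted filters (destination -> host() argument).
POSTED = {
    "cisco.log": r"192.168.0.1",
    "at-rpg6.log": r"192.168.0.10",
}

# Assumed correction: anchor both ends and escape the dots so each
# filter matches one address only.
ANCHORED = {
    "cisco.log": r"^192\.168\.0\.1$",
    "at-rpg6.log": r"^192\.168\.0\.10$",
}


def route(host, filters):
    """Return the sorted destinations whose pattern matches `host`.

    re.search models an unanchored match: the pattern may hit anywhere
    in the host string, and an unescaped '.' matches any character.
    """
    return sorted(dest for dest, pat in filters.items() if re.search(pat, host))


def overlapping(filters, hosts):
    """Audit helper: hosts that would be written to more than one file."""
    hits = {h: route(h, filters) for h in hosts}
    return {h: dests for h, dests in hits.items() if len(dests) > 1}


# Constructed sample senders, including the two devices from the post.
SAMPLE_HOSTS = ["192.168.0.1", "192.168.0.10", "192.168.0.100", "192.168.0.2"]

if __name__ == "__main__":
    for name, filters in (("posted", POSTED), ("anchored", ANCHORED)):
        print(name)
        for h in SAMPLE_HOSTS:
            print("  %-15s -> %s" % (h, route(h, filters) or "no match"))
        print("  overlaps:", overlapping(filters, SAMPLE_HOSTS) or "none")
```
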