[syslog-ng] filter problem
Henning Markussen
syslog-ng@lists.balabit.hu
Fri, 18 Jun 2004 12:56:42 +0200 (CEST)
Hi
That is because the filter cisco_1 matches the address 192.168.0.1*,
e.g. 192.168.0.1 or 192.168.0.10 or 192.168.0.100 or 192.168.0.111.
The filter at-rpg6_1 matches 192.168.0.10*,
e.g. 192.168.0.10 or 192.168.0.100 or 192.168.0.102 or 192.168.0.109.
Change the filters to:
filter cisco_1 { host ("192.168.0.1$"); };
filter at-rpg6_1 { host ("192.168.0.10$"); };
- Henning
> Hi all. I have some network devices with syslog function, for example
>
> 1. 192.168.0.1
> 2. 192.168.0.10
>
> I create syslog config and define these filters
>
> -----------------------------------------------------------------------------
>
> source s_network { udp ( ip (0.0.0.0) port (514) ); };
>
> filter cisco_1 { host ("192.168.0.1"); };
>
> filter at-rpg6_1 { host ("192.168.0.10"); };
>
> destination cisco_1 { file ( /usr/local/syslog-ng/log/cisco.log ); };
>
> destination d_file_6 { file ( /usr/local/syslog-ng/log/at-rpg6.log ); };
>
> log { source ( s_network ); filter ( cisco_1 ); destination ( cisco_1); };
>
> log { source ( s_network ); filter ( at-rpg6_1 ); destination ( d_file_6 ); };
>
> -----------------------------------------------------------------------------
>
> In this config I have some mistake: messages sent from 192.168.0.10 are stored
> in /usr/local/syslog-ng/log/at-rpg6.log
>
> and they are also stored in /usr/local/syslog-ng/log/cisco.log
>
> What's wrong?
>
> Forgive me for bad English.
>
> WBR swop.
>
>
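
Added example, not part of the original e-mail and not syslog-ng code: a Python sketch of the matching behaviour described in the reply, with re.search standing in for the unanchored regex match of host(). The "strict" variant (leading ^ and escaped dots) goes beyond the fix in the reply, and every host value other than 192.168.0.1 and 192.168.0.10 is constructed for illustration.

```python
import re

# Filter patterns as regex strings.
#   as_posted    : the config from the question
#   end_anchored : the fix from the reply (trailing $)
#   strict       : added variant, an assumption not taken from the thread
FILTER_SETS = {
    "as_posted":    {"cisco_1": "192.168.0.1",       "at-rpg6_1": "192.168.0.10"},
    "end_anchored": {"cisco_1": "192.168.0.1$",      "at-rpg6_1": "192.168.0.10$"},
    "strict":       {"cisco_1": r"^192\.168\.0\.1$", "at-rpg6_1": r"^192\.168\.0\.10$"},
}

# Constructed host values; only the first two are devices named in the thread.
SAMPLE_HOSTS = [
    "192.168.0.1",
    "192.168.0.10",
    "192.168.0.100",
    "192.168.0.111",
    "gw-192.168.0.1",   # value with extra leading characters
]

def matching_filters(host, filters):
    """Names of the filters whose pattern is found anywhere in host."""
    return sorted(name for name, pat in filters.items() if re.search(pat, host))

def routing_table(filters, hosts=SAMPLE_HOSTS):
    """Map each host value to the filters (and so log paths) it would hit."""
    return {h: matching_filters(h, filters) for h in hosts}

def overlaps(filters, hosts=SAMPLE_HOSTS):
    """Hosts whose messages would be written to more than one destination."""
    return [h for h, names in routing_table(filters, hosts).items() if len(names) > 1]

if __name__ == "__main__":
    for label, filters in FILTER_SETS.items():
        print(label)
        for host, names in routing_table(filters).items():
            print(f"  {host:16} -> {', '.join(names) or '(no filter)'}")
        print("  duplicated:", overlaps(filters) or "none")
```

With the patterns as posted, 192.168.0.10 hits both filters, which is the duplicate logging reported in the question; with the trailing $ each device hits exactly one.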