[syslog-ng]filter problem
bugtraq
syslog-ng@lists.balabit.hu
Fri, 18 Jun 2004 18:21:34 +0400
Ok Thanx
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Henning Markussen
Sent: Friday, June 18, 2004 2:57 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]filter problem
Hi
That is because the filter cisco_1 matches the address 192.168.0.1*,
ex. 192.168.0.1 or 192.168.0.10 or 192.168.0.100 or 192.168.0.111
The filter at-rpg6_1 matches 192.168.0.10*
ex. 192.168.0.10 or 192.168.0.100 or 192.168.0.102 or 192.168.0.109
Change the filter to
filter cisco_1 { host ("192.168.0.1$"); };
filter at-rpg6_1 { host ("192.168.0.10$"); };
- Henning
> Hi all. I have some network devices witch syslog function from example
>
>
>
> 1. 192.168.0.1
> 2. 192.168.0.10
>
>
>
> I create syslog config and define this filter's
>
>
>
>
----------------------------------------------------------------------------
> -------------------------------------
>
> source s_network { udp ( ip (0.0.0.0) port (514) ); };
>
>
>
> filter cisco_1 { host ("192.168.0.1"); };
>
> filter at-rpg6_1 { host ("192.168.0.10"); };
>
>
>
> destination cisco_1 { file ( /usr/local/syslog-ng/log/cisco.log ); };
>
> destination d_file_6 { file ( /usr/local/syslog-ng/log/at-rpg6.log ); };
>
>
>
>
> log { source ( s_network ); filter ( cisco_1 ); destination ( cisco_1); };
>
> log { source ( s_network ); filter ( at-rpg6_1 ); destination ( d_file_6
> );
> };
>
>
----------------------------------------------------------------------------
> ---------------------------------------
>
>
>
> In this config I have some mistake, messages send from 192.168.0.10 stored
> into /usr/local/syslog-ng/log/at-rpg6.log
>
> And it also stored /usr/local/syslog-ng/log/cisco.log
>
> What's wrong ?
>
>
>
> forgive me for bad english
>
>
>
> WBR swop.
>
>
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html