[syslog-ng] syslog-ng- filter() problem

[Frans Stekelenburg]

try making another filter first with the three filters and 'or'
statements.
Sounds like your config creates an and-and-and situation for you,
leading in nothing beeing logged.
 
I think I came across this situation on one of the helpful pages around
(google), but unfortunatly don't remember where, so I can't refer you to
it.
 
regards,
frans
 


  _____  

	From: Kelly Pow [mailto:kelly.pow at sjrb.ca] 
	Sent: dinsdag 2 augustus 2005 18:55
	To: Syslog-ng users' and developers' mailing list;
ebroo at healthydirections.com
	Subject: RE: [syslog-ng] syslog-ng- filter() problem
	
	

	 

	Hi,

	I am collecting traps and syslog data

	Yes they are being sent to the right place.

	Yes the destinations exist and the permissions are correct

	I am running Gentoo

	And syslog-ng version- 1.6.5-r2

	 

	The problem is: 

	log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter
(f_ipbb2); destination(ipbb_traps); };

	 

	if I only have : 

	log { source(src); filter(f_snmptrap); destination(ipbb_traps);
};

	or 

	log { source(src); filter(f_ipbb1); destination(ipbb_traps); };

	 

	but when I add more filters it give me nothing

	Why?

	 

	 

	 

	Kelly Pow

	IP Backbone Networks Intern

	Shaw CableSystems G.P

	Tel: 1.403.303.6387

	kelly.pow at sjrb.ca

	
  _____  


	From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Edward
Brookhouse
	Sent: Friday, July 29, 2005 5:08 AM
	To: 'Syslog-ng users' and developers' mailing list'
	Subject: RE: [syslog-ng] syslog-ng- filter() problem

	 

	Are you collecting traps or syslog data ? 

	 

	Tcpdump is your friend  - are the syslog speakers speaking to
the right place ?

	Is anything else being logged on the box from other sources?

	 

	Does the destination exist and permissions correct 

	 

	What os ? Which versions of syslog-ng  

	 

	
  _____  


	From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Kelly Pow
	Sent: Thursday, July 28, 2005 5:55 PM
	To: syslog-ng at lists.balabit.hu
	Subject: [syslog-ng] syslog-ng- filter() problem

	 

	Hi,

	I am trying to collect traps from these two networks.
66.163.79.0/255.255.255.128 and 64.251.65.224/255.255.255.240

	I don't understand why when I do this it doesn't collect
anything

	Any ideas/.??

	 

	
------------------------------------------------------------------------
-------------------------------

	 

	source src{unix-stream("/dev/log"); internal();
pipe("/proc/kmsg"); };

	destination messages { file("/var/log/messages"); };

	filter f_messages { not level(warn); };

	log { source(src);  filter(f_messages); destination(messages);
};

	 

	#filter snmptrap

	filter f_snmptrap { level(warn); };

	 

	#testing filters for the different networks

	filter f_ipbb1 {netmask("66.163.79.0/255.255.255.128"); };

	filter f_ipbb2 {netmask("64.251.65.224/255.255.255.240"); };

	 

	destination ipbb_traps {
file("/store/ipbb/traps/$YEAR-$MONTH-$DAY"); };

	 

	log { source(src); filter(f_snmptrap); filter(f_ipbb1); filter
(f_ipbb2); destination(ipbb_traps); };

	 

	
------------------------------------------------------------------------
-----------------------------------

	Kelly Pow

	IP Backbone Networks Intern

	Shaw CableSystems G.P

	Tel: 1.403.303.6387

	kelly.pow at sjrb.ca

	 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20050803/e6b78d07/attachment.html