[syslog-ng] syslog-ng and host() filters regex problem
syslog-ng
syslogng at gmail.com
Mon Jul 18 23:22:45 CEST 2005
hello,
I have a problem with syslog-ng and host() filters regex. I need to
sort out logs coming from different source addresses in various files,
so I started with this configuration:
filter f_cp_ { host("10.28.88.4"); };
[10 similar host filters]
filter f_pix_1 { host("10.29.42.3"); };
for every filter I defined a file destination and a log statement like this one:
log { source(s_udp); filter(f_pix_1); destination(nfs_pix_1); };
This configuration works as expected, but since logs might come from
other IP addresses which don't have to get mixed up (eg 10.28.88.41
matches the first filter but shouldn't) I'd like to use a regexp in
the host file; I tried just by adding a $ at the end of the IP, like
this:
filter f_cp_dl380 { host("10.28.88.4$"); };
[10 similar host filters]
filter f_pix_1VF { host("10.29.42.3$"); };
After sending a HUP to the process syslog-ng stops writing input
packets to the various log files. Just removing the $ after the ip
address and sending another HUP to the server restores functionality.
I also tried with a full IP regexp, as found in another post on the
list (host("^10\.28\.88\.4$")) but the result is the same. I also
tried upgrading my syslog-ng from 1.6.2 to 1.6.8 but nothing changed.
It seems like the config parser is somehow unable to manage more than
a handful of host regexps correctly.
I can provide full configuration files if needed.
thanks for the help,
Stefania
More information about the syslog-ng
mailing list