[syslog-ng] syslog-ng and host() filters regex problem
Michael Di Martino
mdm at telx.com
Mon Jul 18 23:27:45 CEST 2005
Si
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of syslog-ng
Sent: Monday, July 18, 2005 5:23 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog-ng and host() filters regex problem
hello,
I have a problem with syslog-ng and host() filters regex. I need to sort
out logs coming from different source addresses in various files, so I
started with this configuration:
filter f_cp_ { host("10.28.88.4"); };
[10 similar host filters]
filter f_pix_1 { host("10.29.42.3"); };
for every filter I defined a file destination and a log statement like
this one:
log { source(s_udp); filter(f_pix_1); destination(nfs_pix_1); };
This configuration works as expected, but since logs might come from
other IP addresses which don't have to get mixed up (eg 10.28.88.41
matches the first filter but shouldn't) I'd like to use a regexp in the
host file; I tried just by adding a $ at the end of the IP, like
this:
filter f_cp_dl380 { host("10.28.88.4$"); }; [10 similar host filters]
filter f_pix_1VF { host("10.29.42.3$"); };
After sending a HUP to the process syslog-ng stops writing input packets
to the various log files. Just removing the $ after the ip address and
sending another HUP to the server restores functionality.
I also tried with a full IP regexp, as found in another post on the list
(host("^10\.28\.88\.4$")) but the result is the same. I also tried
upgrading my syslog-ng from 1.6.2 to 1.6.8 but nothing changed.
It seems like the config parser is somehow unable to manage more than a
handful of host regexps correctly.
I can provide full configuration files if needed.
thanks for the help,
Stefania
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list