[syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended

wiskbroom at hotmail.com wiskbroom at hotmail.com
Thu May 8 21:20:05 CEST 2008


With regards to filters for host, which one of the two is correct? (if any)

filter F_mailservers    { host ("^mail$*") or ("^smtp$); };

filter F_mailservers    { host("^mail$") or
host("^smtp$"); }; 

Again, I am trying to find hosts named mailserver1, mailserver2, mailserver-gw, smtpgw1 and smtp-gw

Thanks in advance,

.vp
From: wiskbroom at hotmail.com
To: syslog-ng at lists.balabit.hu
Date: Thu, 8 May 2008 15:08:48 -0400
Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule, Not One Intended

syslog-ng 2.0.7

I remember needing that in order to see the hostname from a WAP not too long ago.

> From: Sandor.Geller at morganstanley.com
> To: syslog-ng at lists.balabit.hu
> Date: Thu, 8 May 2008 19:19:05 +0100
> Subject: Re: [syslog-ng] Problems With Filter Rules - Using First Rule,	Not One Intended
> 
> Hi,
> 
> > Here are some recent logs.
> >
> >
> > May  8 13:48:41 mailserver1.mycorp.net/mailserver1.mycorp.net
> > postfix/smtp[22079]: [ID 197553 mail.info] BBBF66CB1E:
> > to=<b.smith at nodomain.net>,
> > relay=192.168.12.1[192.168.12.1]:25, delay=0.48,
> > delays=0.31/0.02/0.01/0.14, dsn=2.6.0, status=sent (250 2.6.0
> >
> > <B7C2C6BA798F3C4DBDD78BEDC1F8AD5732046E44 at ns2.someotherdomain.
> com> Queued mail for delivery)
> 
> Which version of syslog-ng are you using? I remember that postfix
> (more precisely postfix/daemonname-like program names) caused
> problems for older versions, although this might be unrelated.
> 
> > I *believe* the double hostname is due to
> > chain_hostnames=yes?  Don't remember.
> 
> No, there would be an '@' between the hostnames. I still don't see
> how 'sw' could match your logs :(
> 
> regards,
> 
> Sandor

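An added example, not part of the original thread or of syslog-ng itself: a quick offline check of which host names a set of host() patterns would select. It assumes host() applies a POSIX extended regular expression to the host name, with `grep -E` standing in for that matcher; the host list is constructed from the names in the post plus one unrelated host (`sw-core1`, hypothetical) as a negative control.

```shell
#!/bin/sh
# Constructed sample: the host names from the post, the FQDN form seen in the
# quoted log line, and one unrelated host as a negative control.
HOSTS='mailserver1
mailserver2
mailserver-gw
smtpgw1
smtp-gw
mailserver1.mycorp.net
sw-core1'

# matched_hosts PATTERN...: print, space separated, every sample host that
# matches at least one PATTERN. Passing several patterns mirrors
# host("p1") or host("p2") in a filter statement.
matched_hosts() {
    out=''
    for h in $HOSTS; do
        for p in "$@"; do
            if printf '%s\n' "$h" | grep -Eq -- "$p"; then
                out="${out:+$out }$h"
                break
            fi
        done
    done
    printf '%s\n' "$out"
}

# '^mail$' only matches a host named exactly "mail", so nothing is selected.
echo "anchored both ends: [$(matched_hosts '^mail$' '^smtp$')]"
# Anchoring only the start selects every mail*/smtp* host, short or FQDN.
echo "anchored at start:  [$(matched_hosts '^mail' '^smtp')]"
# An unrelated pattern must not pick up any of the mail hosts.
echo "pattern 'sw':       [$(matched_hosts 'sw')]"
```

Running the candidate patterns against a host list like this before reloading the configuration shows whether mail logs would fall through to a different filter.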