[syslog-ng] Syslog-ng SRC IP filter doesn't appear to work
Balazs Scheidler
bazsi at balabit.hu
Tue Oct 20 08:43:27 CEST 2009
On Mon, 2009-10-19 at 15:43 -0400, Matty wrote:
> Howdy,
>
> I am using syslog-ng 3.0.4, and am encountering a bizarre issue where
> a small percentage of messages don't match the following filter:
>
> filter f_hosts { (host("192.168.1.2") or
> host("192.168.1.3") or
> host("192.168.1.4"));
> };
this filters against the HOST portion of the syslog message and not the
sender IP address that sent the syslog frame to the collector. If you
want to filter based on that, you need the netmask() filter.
--
Bazsi
More information about the syslog-ng
mailing list