[syslog-ng] [Bug 140] New: syslog-ng ignores filter boolean logic
bugzilla at bugzilla.balabit.com
Sun Oct 23 19:54:48 CEST 2011
https://bugzilla.balabit.com/show_bug.cgi?id=140
Summary: syslog-ng ignores filter boolean logic
Product: syslog-ng
Version: 3.3.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi at balabit.hu
ReportedBy: lisaev at umail.iu.edu
Type of the Report: ---
Estimated Hours: 0.0
Created an attachment (id=42)
--> (https://bugzilla.balabit.com/attachment.cgi?id=42)
syslog-ng 3.3.1 config file
I am running syslog-ng 3.3.1 (Arch Linux), and noticed that my iptables logs
go into every possible logfile, i.e. /var/log/{messages,kernel,iptables}.log.
For example:
cur_work$ tail -n1 /var/log/kernel.log
Oct 23 12:43:18 linhost kernel: [ 5372.600518] firewall: IN=wlan0 OUT= MAC=00:26:c6:d7:27:6a:00:17:0f:70:b1:00:08:00
SRC=74.125.65.108 DST=96.125.23.251 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=28546 PROTO=TCP SPT=993 DPT=52331 WINDOW=0
RES=0x00 RST URGP=0
This is despite the fact that syslog-ng.conf contains
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
I also tried modifying f_iptables as
filter f_iptables { match("firewall" value("MESSAGE")); };
but I still get firewall logs everywhere :( I have added the full syslog-ng.conf as an attachment.
Thanks.
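
The truth values the two quoted filters should produce for the quoted log line, as an added example that is not part of the original report and not syslog-ng's own code. It is a small Python model of `and`, `not`, `match()`, `facility()` and `filter()`, assuming regular-expression search semantics for `match()`, a shortened copy of the quoted message, and a constructed non-firewall kernel message for contrast.

```python
import re

# Each filter is a function (record, filters) -> bool, so filter() can
# resolve a named reference at evaluation time, as in the quoted config.
def match(pattern, value):
    rx = re.compile(pattern)
    return lambda rec, filters: rx.search(rec.get(value, "")) is not None

def facility(name):
    return lambda rec, filters: rec.get("facility") == name

def filter_ref(name):
    return lambda rec, filters: filters[name](rec, filters)

def f_and(a, b):
    return lambda rec, filters: a(rec, filters) and b(rec, filters)

def f_not(a):
    return lambda rec, filters: not a(rec, filters)

# The two filters exactly as quoted in the report.
FILTERS = {
    "f_iptables": f_and(match("IN=", "MESSAGE"), match("OUT=", "MESSAGE")),
    "f_kernel": f_and(facility("kern"), f_not(filter_ref("f_iptables"))),
}
# The reporter's second attempt at f_iptables.
FILTERS_ALT = dict(FILTERS, f_iptables=match("firewall", "MESSAGE"))

# Shortened copy of the kernel.log line quoted in the report.
FIREWALL_MSG = {
    "facility": "kern",
    "MESSAGE": "[ 5372.600518] firewall: IN=wlan0 OUT= SRC=74.125.65.108 "
               "DST=96.125.23.251 PROTO=TCP SPT=993 DPT=52331",
}
# Constructed kernel message with no firewall content (not from the report).
OTHER_MSG = {"facility": "kern", "MESSAGE": "[ 5372.700000] usb 1-1: new device"}

def evaluate(filters, rec):
    """Return {filter name: bool} for one record."""
    return {name: f(rec, filters) for name, f in filters.items()}

if __name__ == "__main__":
    for label, filters in (("original", FILTERS), ("alternative", FILTERS_ALT)):
        for rec in (FIREWALL_MSG, OTHER_MSG):
            print(label, rec["MESSAGE"][:30], evaluate(filters, rec))
```

Under either definition of f_iptables the firewall line makes f_kernel false, so a log path guarded by f_kernel should not receive it.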