[syslog-ng] Filter netmask not working as expected

Balazs Scheidler bazsi77 at gmail.com
Tue Nov 20 08:08:20 CET 2012


Hi,

If you reference a source from two log statements, both will get a copy of the same message. In the 2nd statement you request to send messages to d_local without filtering. That includes your IP too.

Ahh, I see you are using flags(final), that should do the trick if the message is received on the same source (e.g. s_network). Are you sure this is the case?

Also, you can start syslog-ng in the foreground, enabling debug messages, which should help you to narrow the problem further down.

# syslog-ng -Fedv


----- Original message -----
> Hi guys,
> 
> Just new, and created the following conf for testing purposes. The
> problem is that I get the logs in both destinations despite the filter.
> 
> @version: 3.4
> @include "scl.conf"
> 
> options {
>                 keep_hostname(yes);
>                 normalize_hostnames(yes);
>                 threaded(yes);
>                 ts_format(iso); # Adds TZ
>                 #use_fqdn(yes);
>                 use_dns(no);
> };
> 
> source s_local {
>                 system();
>                 internal();
> };
> 
> source s_network {
>                 udp();
> };
> 
> destination d_local {
>                 file("/var/log/messages");
> };
> 
> destination d_my_mac {
>                 file("/var/log/mymac");
> };
> 
> filter f_my_mac {
>                 netmask(10.24.18.2/255.255.255.255);
> };
> 
> log {
>                 source(s_network);
>                 filter(f_my_mac);
>                 destination(d_my_mac);
>                 flags(final);
> };
> 
> log {
>                 source(s_local);
>                 # uncomment this line to open port 514 to receive messages
>                 source(s_network);
>                 #destination(d_central_udp);
>                 destination(d_local);
> };
> 
> 
> As netmask I also tried CIDR /24 and same thing. The problem is that I
> get the logs in both destinations. I only want to have them in my_mac.
> 
> Thanks!
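
The routing behaviour described in the reply, as an added example that is not part of the original message and is not syslog-ng code: a simplified Python model of top-level log statements, in which every statement that references a source sees the message unless an earlier matching statement carries flags(final). The `LogPath`, `route` and `build_config` names and the 10.24.18.99 sender address are constructed for illustration.

```python
"""Simplified model of syslog-ng top-level log statement routing (assumption: not syslog-ng code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class LogPath:
    sources: set
    destinations: list
    netmask: str = None   # optional netmask() filter, e.g. "10.24.18.2/255.255.255.255"
    final: bool = False   # flags(final)

    def matches(self, source, sender_ip):
        if source not in self.sources:
            return False
        if self.netmask is None:
            return True
        # netmask() is evaluated against the IP address of the host that sent the message.
        # strict=False also accepts host/prefix forms such as 10.24.18.2/24.
        return ip_address(sender_ip) in ip_network(self.netmask, strict=False)


def route(paths, source, sender_ip):
    """Return the destinations that receive one message, in configuration order."""
    delivered = []
    for path in paths:
        if not path.matches(source, sender_ip):
            continue
        delivered.extend(path.destinations)
        if path.final:    # later log statements never see this message
            break
    return delivered


def build_config(final):
    """The two log statements from the quoted configuration, with or without flags(final)."""
    return [
        LogPath({"s_network"}, ["d_my_mac"],
                netmask="10.24.18.2/255.255.255.255", final=final),
        LogPath({"s_local", "s_network"}, ["d_local"]),
    ]


if __name__ == "__main__":
    # 10.24.18.2 is the filter address from the thread; 10.24.18.99 is a constructed sender.
    for final in (False, True):
        for ip in ("10.24.18.2", "10.24.18.99"):
            print(f"final={final} sender={ip} ->", route(build_config(final), "s_network", ip))
```

In this model a message lands in both files only when the first statement lacks flags(final) or when the filter does not match the sender address the server actually sees, which is what the debug output from `syslog-ng -Fedv` helps confirm.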
