[syslog-ng] syslog-ng filters not working

Christian Turner cturner at highroads.com
Wed Aug 3 17:52:46 CEST 2016


Hi,

I have the following filter configured:

source      src_devenv01     { udp(ip(0.0.0.0) port(514)); };
filter      f_devenv01_04net { netmask(10.22.209.0/24); };
destination d_devenv_04net   { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log                          { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };

However, the filter does not work, and the logs from this source all go to the generic logging destination.

I performed an strace and I can see that the IP appears as expected, so I'm figuring I have a syntax error somewhere:

[pid 28481] recvfrom(11, "<182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785), sin_addr=inet_addr("10.22.209.10")}, [16]) = 265

Christian Turner
