[syslog-ng] syslog-ng filters not working

Christian Turner cturner at highroads.com
Wed Aug 3 17:52:46 CEST 2016


I have the following filter configured;

source src_devenv01 { udp(ip( port(514)); };
filter f_devenv01_04net { netmask(; };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };

However, the filter does not work, and the logs from this source all go to the generic logging destination.

I perform an strace and I can see that the IP appears as expected, so I'm figuring I have a syntax error somewhere;

[pid 28481] recvfrom(11, "<182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785), sin_addr=inet_addr("")}, [16]) = 265

Christian Turner
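
The log statement in the post references filter(f_devenv_04net), while the filter is defined as f_devenv01_04net. The following is an added example (not part of the original post, and not syslog-ng's own tooling) that cross-checks the names used in log statements against the defined sources, filters and destinations. The 192.0.2.x addresses in the sample are constructed placeholders, because the addresses in the post are elided.

```python
import re

DEF_RE = re.compile(r"^\s*(source|filter|destination)\s+([\w.-]+)\s*\{", re.M)
REF_RE = re.compile(r"\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)")
LOG_RE = re.compile(r"^\s*log\s*\{", re.M)

# Constructed sample modelled on the post; IP values are placeholders (assumption).
SAMPLE_CONF = r'''
source src_devenv01 { udp(ip(192.0.2.10) port(514)); };
filter f_devenv01_04net { netmask(192.0.2.0/24); };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
'''

def log_bodies(conf):
    """Yield the text inside each log { ... } statement, honouring nested braces and quotes."""
    for m in LOG_RE.finditer(conf):
        depth, i, quote = 1, m.end(), None
        while i < len(conf) and depth:
            c = conf[i]
            if quote:
                if c == "\\":
                    i += 1              # skip the escaped character inside a string
                elif c == quote:
                    quote = None
            elif c in "\"'":
                quote = c
            elif c == "{":
                depth += 1
            elif c == "}":
                depth -= 1
            i += 1
        yield conf[m.end():i - 1]

def check_references(conf):
    """Return (undefined, unused): names used in log paths but never defined, and the reverse."""
    conf = re.sub(r"^[ \t]*#.*$", "", conf, flags=re.M)   # drop whole-line comments
    defined = set(DEF_RE.findall(conf))
    used = {ref for body in log_bodies(conf) for ref in REF_RE.findall(body)}
    return sorted(used - defined), sorted(defined - used)

if __name__ == "__main__":
    undefined, unused = check_references(SAMPLE_CONF)
    for kind, name in undefined:
        print(f"log path references undefined {kind}: {name}")
    for kind, name in unused:
        print(f"{kind} defined but never used in a log path: {name}")
```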

