[syslog-ng] syslog-ng filters not working

Harsha S Aryan harsha.s.aryan at gmail.com
Wed Aug 3 19:22:21 CEST 2016


Still same issue

On Aug 3, 2016 10:35 PM, "SZIGETVÁRI János" <jszigetvari at gmail.com> wrote:

> Hello Christian,
>
> Syslog-ng would issue a warning had there been a syntax error. (You can
> check your config files for syntax errors with the -svf <configfile>
> parameters set.)
>
> To me it seems that the filter you've set up for that specific IP range
> "f_devenv01_04net" is not the same that you seem to be using in your log
> stanza ("f_devenv_04net").
>
> Best Regards,
> János Szigetvári
>
> --
> Janos SZIGETVARI
> RHCE, License no. 150-053-692
> <https://www.redhat.com/rhtapps/verify/?certId=150-053-692>
>
> __ at __˚V˚
> Make the switch to open (source) applications, protocols, formats now:
> - windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
> - msn -> jabber protocol (Pidgin, Google Talk)
> - mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
>
>
> 2016-08-03 17:52 GMT+02:00 Christian Turner <cturner at highroads.com>:
>
>> Hi,
>>
>>
>>
>> I have the following filter configured;
>>
>>
>>
>> source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
>> filter f_devenv01_04net { netmask(10.22.209.0/24); };
>> destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
>> log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
>>
>>
>>
>> However, the filter does not work, and the logs from this source all go
>> to the generic logging destination.
>>
>>
>>
>> I performed an strace and I can see that the IP appears as expected, so I’m
>> figuring I have a syntax error somewhere;
>>
>>
>>
>> [pid 28481] recvfrom(11, "<182>1 2016-08-03T10:27:50.645062-04:00 ::1
>> [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785),
>> sin_addr=inet_addr("*10.22.209.10*")}, [16]) = 265
>>
>>
>>
>> *Christian Turner*
>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
>
>
>
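
Added example, not part of the original thread: a small Python check for the mismatch János points out, a log statement that references a filter name which was never defined, plus a test of the sender address from the strace output against the netmask() filter. It assumes a simplified regex reading of the config (single-level "name { ... };" definitions and "kind(name)" references only); the function names are hypothetical and the thread's configuration is embedded as sample input.

```python
import ipaddress
import re

# Sample input: the configuration quoted in the thread, names unchanged.
CONFIG = r'''
source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
filter f_devenv01_04net { netmask(10.22.209.0/24); };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
'''

# Simplified patterns (assumption): no nested blocks, no inline definitions.
DEF_RE = re.compile(r'^\s*(source|filter|destination)\s+([\w.-]+)\s*\{', re.M)
LOG_RE = re.compile(r'^\s*log\s*\{(.*?)\};\s*$', re.M | re.S)
REF_RE = re.compile(r'\b(source|filter|destination)\(\s*([\w.-]+)\s*\)')
MASK_RE = re.compile(
    r'^\s*filter\s+([\w.-]+)\s*\{\s*netmask\(\s*([0-9./]+)\s*\)', re.M)


def undefined_references(config):
    """Return (kind, name) pairs used in log statements but never defined."""
    defined = set(DEF_RE.findall(config))
    missing = []
    for body in LOG_RE.findall(config):
        for ref in REF_RE.findall(body):
            if ref not in defined and ref not in missing:
                missing.append(ref)
    return missing


def filters_matching(config, sender_ip):
    """Return names of simple netmask() filters whose range holds sender_ip."""
    ip = ipaddress.ip_address(sender_ip)
    return [name for name, cidr in MASK_RE.findall(config)
            if ip in ipaddress.ip_network(cidr, strict=False)]


if __name__ == "__main__":
    for kind, name in undefined_references(CONFIG):
        print(f"log statement references undefined {kind} '{name}'")
    # Sender address taken from the strace output quoted in the thread.
    print("netmask filters matching 10.22.209.10:",
          filters_matching(CONFIG, "10.22.209.10"))
```
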