[syslog-ng] syslog-ng filters not working

SZIGETVÁRI János jszigetvari at gmail.com
Wed Aug 3 19:37:44 CEST 2016


Hello,

Then we'd need to take a look at your whole config.
Could you please attach it?

Thanks!

János

2016-08-03 19:22 GMT+02:00 Harsha S Aryan <harsha.s.aryan at gmail.com>:

> Still same issue
>
> On Aug 3, 2016 10:35 PM, "SZIGETVÁRI János" <jszigetvari at gmail.com> wrote:
>
>> Hello Christian,
>>
>> Syslog-ng would issue a warning had there been a syntax error. (You can
>> check your config files for syntax errors with the -svf <configfile>
>> parameters set.)
>>
>> To me it seems that the filter you've set up for that specific IP range
>> "f_devenv01_04net" is not the same that you seem to be using in your log
>> stanza ("f_devenv_04net").
>>
>> Best Regards,
>> János Szigetvári
>>
>> --
>> Janos SZIGETVARI
>> RHCE, License no. 150-053-692
>> <https://www.redhat.com/rhtapps/verify/?certId=150-053-692>
>>
>> __ at __˚V˚
>> Make the switch to open (source) applications, protocols, formats now:
>> - windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
>> - msn -> jabber protocol (Pidgin, Google Talk)
>> - mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
>>
>>
>> 2016-08-03 17:52 GMT+02:00 Christian Turner <cturner at highroads.com>:
>>
>>> Hi,
>>>
>>>
>>>
>>> I have the following filter configured;
>>>
>>>
>>>
>>> source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
>>>
>>> filter f_devenv01_04net { netmask(10.22.209.0/24); };
>>>
>>> destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
>>>
>>> log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
>>>
>>>
>>>
>>> However, the filter does not work, and the logs from this source all go
>>> to the generic logging destination.
>>>
>>>
>>>
>>> I perform an strace and I can see that the IP appears as expected, so
>>> I’m figuring I have a syntax error somewhere;
>>>
>>>
>>>
>>> [pid 28481] recvfrom(11, "<182>1 2016-08-03T10:27:50.645062-04:00 ::1
>>> [[REDACTED]]..., 8192, 0, {sa_family=AF_INET, sin_port=htons(58785),
>>> sin_addr=inet_addr("*10.22.209.10*")}, [16]) = 265
>>>
>>>
>>>
>>> *Christian Turner*
>>>
>>>
>>>
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>>
>
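
The name mismatch pointed out in the thread above can be caught mechanically. The following is an added example, not part of the original messages and not syslog-ng's own tooling: a small Python check that compares the source, filter and destination names a config defines with the names its log paths reference. It assumes simple top-level `<kind> <name> { ... }` definitions and `<kind>(<name>)` references, and the embedded config is a constructed copy of the snippet quoted in the thread.

```python
import re

# Constructed copy of the config quoted in the thread (mail line wraps joined).
CONFIG = r'''
source src_devenv01 { udp(ip(0.0.0.0) port(514)); };
filter f_devenv01_04net { netmask(10.22.209.0/24); };
destination d_devenv_04net { file("/mnt/syslogng/p2alogs/DEVENV/04net-$HOST-$YEAR$MONTH$DAY.log"); };
log { source(src_devenv01); filter(f_devenv_04net); destination(d_devenv_04net); flags(final); };
'''

# Top-level definition: "<kind> <name> {"
DEF_RE = re.compile(r'^\s*(source|filter|destination)\s+([\w.-]+)\s*\{', re.M)
# Named reference inside a log path: "<kind>(<name>)"
REF_RE = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)')
LOG_RE = re.compile(r'^\s*log\s*\{', re.M)


def log_bodies(text):
    """Yield the brace-matched body of every top-level log { ... } statement."""
    for m in LOG_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def check_references(text):
    """Return (undefined, unused) lists of (kind, name) pairs.

    undefined: named in a log path but never defined.
    unused:    defined but named in no log path.
    Simplification: '#' comments are stripped naively, so a '#' inside a
    quoted string would truncate that line.
    """
    text = re.sub(r'#.*', '', text)
    defined = set(DEF_RE.findall(text))
    used = {ref for body in log_bodies(text) for ref in REF_RE.findall(body)}
    return sorted(used - defined), sorted(defined - used)


if __name__ == "__main__":
    undefined, unused = check_references(CONFIG)
    for kind, name in undefined:
        print(f"log path references undefined {kind} '{name}'")
    for kind, name in unused:
        print(f"{kind} '{name}' is defined but used by no log path")
```

An undefined filter reported next to an unused one with a near-identical name, as happens with this config, usually points to a typo in one of the two.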