[syslog-ng] sylog-ng filters not working
SZIGETVÁRI János
jszigetvari at gmail.com
Wed Aug 3 22:06:17 CEST 2016
Hello Gergő,
2016-08-03 19:43 GMT+02:00 Gergely Csordás <sirnelkher at gmail.com>:
> <182>1 2016-08-03T10:27:50.645062-04:00 ::1 [[REDACTED]]...
>
>
> As I see the IP address is ::1 in the message, as the hostname (or IP
> address) comes after the timestamp.
>
> So in this case the IPv4 filter won't kick in for an IPv6 address.
>
The netmask() filter does not check the contents of the HOST macro, but
rather uses the sender's IP address for the comparison:
https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#filter-netmask
As per the strace, the UDP package in deed seems to originate from
10.22.209.10.
Regards,
János
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160803/97b1ba1c/attachment.htm
More information about the syslog-ng
mailing list