[syslog-ng] Syslog-ng 3.9

[Szalai, Attila]

Hi,

If I remember correctly, the host filter works on the host field of the message itself. And in the wireshark picture, the host field is something Jasper-MLX and nothing you similar you mention in the filter.

> -----Original Message-----
> From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of
> PENLAND,MATTHEW & DANA
> Sent: Tuesday, June 27, 2017 8:24 PM
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Syslog-ng 3.9
> 
> I have several systems that are sending there log files to syslog-ng, without
> issue. I having an issue getting syslog-ng to work with logs from our Brocade
> MLX’s. I run wireshark on the syslog server and see the file hit it. However,
> syslog-ng does not put it in its folder or any where else.
> 
> 
> Sections of the config file relevant to the Brocade.
> 
> destination d_bro { file("/home/hosts/brocade/$YEAR$MONTH$DAY-
> $HOST.log"); };
> 
> 
> #####################
> # BROCADE
> #####################
> 
> filter f_bro  { not level(debug) and (
>                   host( "BROCADE-BG-MLX" ) or
>                   host( "BROCADE-BG-FESX" ) or
>                   host( "BROCADE-BR-MLX" ) or
>                   host( "BROCADE-DUCK-FESX" ) or
>                   host( "BROCADE-ELJY-MLX" ) or
>                   host( "BROCADE-JSPR-MLX" ) or
>                   host( "BROCADE-STUDIO-FESX" ));};
> 
> log { source(s_net); filter(f_bro); destination(d_bro); };
> 
> 
> Wireshark on the server - Capture.PNG
> 


--------------------------------------------------------------------------------

NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers  If you cannot access these links, please notify us by reply message and we will send the contents to you. By communicating with Morgan Stanley you consent to the foregoing and to the voice recording of conversations with personnel of Morgan Stanley.