[syslog-ng] netmask filter issue
brian hoffman
brianhoffman at yahoo.com
Mon Oct 14 18:27:21 UTC 2024
I set up a filter to send certain messages matching an IP range to a destination (a simplified version of my actual config).filter f_siem {
netmask(192.168.128/17) or};
For some reason this is picking up the address 192.168.63.41, even though it's not in the range. 192.168.63.41 (10101100.00010111.0) does not match the network portion of 192.168.128.0/17 (10101100.00010111.1) but for some reason it's still getting picked up. I know for sure that it is this particular line because when I comment it out the messages are no longer forwarded for that device.
Is there something different about the way this netmask directive works in syslog-ng that would cause it to get matched by this filter?-Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20241014/56afb267/attachment.htm>
More information about the syslog-ng
mailing list