Syslog-ng and filters

So, over the weekend, I had to update 200 routers with SNMP configs, and point them to my SYSLOG server. Easy, right? Well, tedious, since half-way I figured I should have used EXPECT, but by then, I was already half-done.

Anyway, after all my work, I noticed that my syslogs were not receiving any logging. Doing a TCPDUMP showed I received the logs. Strange?

I have a lot of filtering done in SYSLOG-NG. With my naming convention, all end-point access routers use [location]-arXX (where XX is the numbered router at that location). So, my filter for access routers is:


Well, after some searching, SYSLOG-NG actually does a reverse DNS lookup to determine the name, even though I have the hostname inside the log.

After adding 200+ reverse DNS entries, I finally got it working.
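An alternative to maintaining PTR records, shown as an added example that is not the author's configuration: a syslog-ng.conf fragment that keeps the hostname carried in each message, so the `host()` filter matches without a reverse lookup. The source, filter and destination names, the port and the file paths are assumptions, and the filter pattern is a hypothetical one for the [location]-arXX convention.

```conf
# Added example fragment for syslog-ng.conf.
# All object names, the port and the paths below are assumptions.

options {
    # With keep_hostname(no), the default, $HOST is rewritten from the
    # sender's address, via reverse DNS when use_dns(yes) is in effect.
    # keep_hostname(yes) keeps the hostname field sent in the message.
    # That field is sender-supplied and trivially spoofed over UDP, so
    # restrict which addresses can reach this source (firewall/ACL).
    keep_hostname(yes);

    # No PTR lookups: a message without a hostname field falls back to
    # the sender's IP address instead of stalling on the resolver.
    use_dns(no);
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# Hypothetical pattern for [location]-arXX access routers.
filter f_access_routers { host("-ar[0-9][0-9]"); };

destination d_access    { file("/var/log/network/access-routers.log"); };
destination d_unmatched { file("/var/log/network/unmatched.log"); };

# Matched messages stop here because of flags(final).
log {
    source(s_net);
    filter(f_access_routers);
    destination(d_access);
    flags(final);
};

# Catch-all: anything that missed the filter still lands on disk, so a
# naming or lookup mismatch shows up as a growing file, not as silence.
log { source(s_net); destination(d_unmatched); };
```

The catch-all log path is the part that would have surfaced the problem described above without a packet capture: messages named by IP address or by an unexpected hostname accumulate in the unmatched file.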