Teneo !!!

Aaron’s blog on Networking, and Enterprise Technology


Syslog-ng and filters

So, over the weekend, I had to update 200 routers with SNMP configs, and point them to my SYSLOG server. Easy, right? Well, tedious, since half-way I figured I should have used EXPECT, but by then, I was already half-done.

Anyway, after all my work, I noticed that my syslogs were not receiving any logging. Doing a TCPDUMP showed I received the logs. Strange?

I have a lot of filtering done in SYSLOG-NG. With my naming convention, all end-point access routers use [location]-arXX (where XX is the numbered router at that location). So, my filter for access routers is:

host(^.*-ar[0-9]{1,2}.*);

Well, after some searching, SYSLOG-NG actually does a reverse DNS lookup to determine the name, even though I have the hostname inside the log.

After adding 200+ reverse DNS entries, I finally got it working.
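The behaviour described above can be checked before rolling out the next batch of routers. The following script is an added example, not code from the post: it models, in a deliberately simplified way, how syslog-ng fills the HOST field that host() filters match against (with keep_hostname(no), the default, the name in the message header is replaced by the sender's reverse-DNS name, or the bare IP when no PTR record exists; with keep_hostname(yes) the header name is kept), runs the post's access-router regex against the result, and lists sender addresses with no PTR record. The IP addresses, hostnames and the PTR table are constructed sample data; keep_hostname is a real syslog-ng source option, but the model here ignores other options such as use_dns() and chain_hostnames().

```python
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# The host() filter from the post, as a Python regex. syslog-ng applies the
# same pattern to the HOST field it has already assigned to the message.
ACCESS_ROUTER = re.compile(r"^.*-ar[0-9]{1,2}.*")

# A resolver maps a sender IP to its PTR name, or None when there is none.
Resolver = Callable[[str], Optional[str]]


def reverse_lookup(ip: str) -> Optional[str]:
    """Live PTR lookup; returns None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def table_resolver(ptr_table: Dict[str, str]) -> Resolver:
    """Offline resolver backed by a constructed PTR table (for testing)."""
    return lambda ip: ptr_table.get(ip)


def syslog_ng_hostname(sender_ip: str, header_host: str,
                       keep_hostname: bool, resolver: Resolver) -> str:
    """Simplified model of how syslog-ng fills the HOST field.

    keep_hostname(no), the default: the hostname inside the message is
    ignored and the sender's reverse-DNS name is used, falling back to the
    bare IP when no PTR record exists.
    keep_hostname(yes): the hostname from the message header is kept.
    """
    if keep_hostname:
        return header_host
    return resolver(sender_ip) or sender_ip


def audit(messages: List[Tuple[str, str]], keep_hostname: bool,
          resolver: Resolver) -> List[Tuple[str, str, bool]]:
    """For each (sender_ip, header_host) return (ip, assigned HOST, matched?)."""
    results = []
    for sender_ip, header_host in messages:
        host = syslog_ng_hostname(sender_ip, header_host, keep_hostname, resolver)
        results.append((sender_ip, host, ACCESS_ROUTER.search(host) is not None))
    return results


def missing_ptr(ips: List[str], resolver: Resolver) -> List[str]:
    """Sender addresses that still need a reverse DNS entry."""
    return [ip for ip in ips if resolver(ip) is None]


# Constructed sample: three routers sending their own hostname in the
# syslog header, but only one of them has a PTR record so far.
SAMPLE_MESSAGES = [
    ("192.0.2.11", "nyc-ar01"),
    ("192.0.2.12", "nyc-ar02"),
    ("192.0.2.50", "nyc-core1"),
]
SAMPLE_PTR = {"192.0.2.11": "nyc-ar01.example.net"}

if __name__ == "__main__":
    resolver = table_resolver(SAMPLE_PTR)
    for ip, host, matched in audit(SAMPLE_MESSAGES, False, resolver):
        print(f"keep_hostname(no):  {ip:<12} HOST={host:<24} matches={matched}")
    for ip, host, matched in audit(SAMPLE_MESSAGES, True, resolver):
        print(f"keep_hostname(yes): {ip:<12} HOST={host:<24} matches={matched}")
    print("no PTR:", missing_ptr([ip for ip, _ in SAMPLE_MESSAGES], resolver))
```

Pass `reverse_lookup` instead of `table_resolver(...)` to audit a real list of router addresses against the live DNS before they start logging. One side note on the pattern itself: because it ends in `.*`, a name such as `nyc-ar123` also matches; the two-digit limit only holds if the regex is anchored after the digits.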