drop action to forwarding logs to a remote server is not working
Good Afternoon Team.
I have a nxlog service running on a windows server. It has input rule to collect syslog from several devices like this:
<Input syslog514udp>Module im_udpPort 514Host 0.0.0.0<Exec> $raw_event =~ s/\r?\n/#012/g; parse_syslog_bsd();</Exec> </Input>
I am trying to forward the syslog of one specific device (10.10.10.10) to a public IP 18.104.22.168, but the filter is not working since nxlog is forwarding everything, configuration bellow:
<Output OutNetomi>Exec if ($MessageSourceAddress == ‘10.10.10.10’) drop();Module om_udpHost 22.214.171.124Port 514</Output>
Do you know where the error is?
$MessageSourceAddress returns a special datatype ipaddr, not a string:
So, equality comparison never matches.