drop action for forwarding logs to a remote server is not working
Good Afternoon Team.
I have an nxlog service running on a Windows server. It has an input rule to collect syslog from several devices like this:
<Input syslog514udp>
    Module im_udp
    Port 514
    Host 0.0.0.0
    <Exec>
        $raw_event =~ s/\r?\n/#012/g;
        parse_syslog_bsd();
    </Exec>
</Input>
I am trying to forward the syslog of one specific device (10.10.10.10) to a public IP 190.20.30.40, but the filter is not working since nxlog is forwarding everything. Configuration below:
<Output OutNetomi>
    Exec if ($MessageSourceAddress == '10.10.10.10') drop();
    Module om_udp
    Host 190.20.30.40
    Port 514
</Output>
Do you know where the error is?
Thank you.
Diego.
$MessageSourceAddress returns a special datatype ipaddr, not a string:
https://docs.nxlog.co/refman/v6.0/im/udp.html#fields
So, equality comparison never matches.
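
One way to apply this answer to the Output block from the question, as an added example that is not part of the original thread. It assumes NXLog's core string() function renders the ipaddr value as the dotted-quad text, and it uses != because the stated goal is to forward only 10.10.10.10.

```nxlog
# Added example, not from the original posts.
# Assumption: string() turns the ipaddr value into text such as 10.10.10.10.
<Output OutNetomi>
    Module  om_udp
    Host    190.20.30.40
    Port    514
    # Compare text with text. The original condition compared an ipaddr value
    # with a string literal, so it was never true and drop() never ran.
    # != rather than ==: every event that is NOT from 10.10.10.10 is dropped,
    # so only that one device reaches the remote server.
    Exec    if (string($MessageSourceAddress) != '10.10.10.10') drop();
</Output>
```

After restarting the service, a packet capture on the server's outbound interface should show UDP 514 traffic to 190.20.30.40 only for events that originated from 10.10.10.10.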