drop action to forwarding logs to a remote server is not working

#1 montealegre.diego@gmail.com 5 months ago

Good Afternoon Team.

I have a nxlog service running on a windows server. It has input rule to collect syslog from several devices like this:

<Input syslog514udp>Module im_udpPort 514Host 0.0.0.0<Exec> $raw_event =~ s/\r?\n/#012/g; parse_syslog_bsd();</Exec> </Input>

I am trying to forward the syslog of one specific device (10.10.10.10) to a public IP 190.20.30.40, but the filter is not working since nxlog is forwarding everything, configuration bellow:

<Output OutNetomi>Exec if ($MessageSourceAddress == ‘10.10.10.10’) drop();Module om_udpHost 190.20.30.40Port 514</Output>

Do you know where the error is?

Thank you.

Diego.

Permalink

#2 alexander.lifanov@nxlog.org Nxlog ✓ 5 months ago

$MessageSourceAddress returns a special datatype ipaddr, not a string:
https://docs.nxlog.co/refman/v6.0/im/udp.html#fields
So, equality comparison never matches.