Hi daivd, please see log below box1Oct 10 14:14:55 box1 kernel: ipt: SATURIN=bond0 OUT= MAC=90:b1:1c:94:9d:49:00:1b:0d:e5:fd:09:08:90 SRC=12.12.12.12 DST=22.22.22.22 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=16965 DF PROTO=TCP SPT=51623 DPT=9917 WINDOW=14600 RES=0x00 SYN URGP=0 box2Oct 10 09:51:21 box2 kernel: ipt: SATURIN=bond0 OUT= MAC=90:b1:9c:31:99:36:00:19:0d:e5:fd:90:08:09 SRC=12.12.12.12 DST=23.23.23.23 LEN=64 TOS=0x00 PREC=0x00 TTL=58 ID=52679 DF PROTO=TCP SPT=58013 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
There is no diff as its two load same spec/OS/application etc. rsyslog version, aswell as iptables version. RegardsAshish > Date: Thu, 10 Oct 2013 09:27:17 -0700 > From: [email protected] > To: [email protected] > Subject: Re: [rsyslog] rsyslog filter > > could you please show a sample iptables log message from each system? > > David Lang > > On Thu, 10 Oct 2013, Ashish Nepal wrote: > > > Date: Thu, 10 Oct 2013 16:19:26 +0000 > > From: Ashish Nepal <[email protected]> > > Reply-To: rsyslog-users <[email protected]> > > To: rsyslog-users <[email protected]> > > Subject: [rsyslog] rsyslog filter > > > > Hi Rsyslog users, > > I have been trying to filter iptables rules from kernel rules, its been > > quite bizzare that same config works for one of the box and not in other. > > > > > > #### #### /etc/rsyslog.conf [CentOS release 6.4 (Final)]#### > > $ModLoad imuxsock # provides support for local system logging (e.g. via > > logger command)$ModLoad imklog # provides kernel logging support > > (previously done by rklogd)$ActionFileDefaultTemplate > > RSYSLOG_TraditionalFileFormat$IncludeConfig /etc/rsyslog.d/*.conf > > > > #iptables Log:msg, startswith,"ipt: " /var/log/iptables.log& ~ > > kern.* /var/log/kernel > > > > > > > > > > > > > > ###### As that didnt work i also tried to test below given format, with no > > luck. > > #iptables Log:msg, startswith,"ipt: " -/var/log/iptables.log& ~ > > > > has anyone faced simillar issue with rsyslog? > > RegardsAshish > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
