Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

Excluding IP Address Ranges

Support, Questions and Discussions on WinSyslog

Moderator: alorbach

Google Ads


Excluding IP Address Ranges

Postby swarner » Fri Dec 19, 2008 4:30 am

I am trying to exclude ranges of IP addresses from syslog. It seems to me that the filter in the attached screenshot should work, but instead it appears to exclude all syslog entries. What am I missing?
Attachments
Untitled-2 copy.jpg
Screenshot
Untitled-2 copy.jpg (253.61 KiB) Viewed 18978 times
swarner
New
 
Posts: 3
Joined: Fri Dec 19, 2008 12:54 am

Re: Excluding IP Address Ranges

Postby alorbach » Fri Dec 19, 2008 10:49 am

Hi,

hrm it should work, for further testing I would do the following.
Copy the "Local Interactive Server" Action and paste it before the "Discard LLNW" Action. Change the Message Format of the copied action to: Discarded: %source%

This way you will actually see which sources match your filters and get discarded by using the Interactive Syslogviewer.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Excluding IP Address Ranges

Postby swarner » Sat Dec 20, 2008 3:29 am

Andre,

Thank you. I've just done that. Apparently my firewall's interior IP is being interpreted as the source, and all messages are being discarded. What do you think is wrong here?

SWarner
swarner
New
 
Posts: 3
Joined: Fri Dec 19, 2008 12:54 am

Re: Excluding IP Address Ranges

Postby alorbach » Mon Dec 22, 2008 12:56 pm

Is the original IP within the message itself?
Perhaps in the syslog header? In this case you can try to enable the "Take source system from Syslog message" option the Syslog Listener options.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: Excluding IP Address Ranges

Postby swarner » Fri Dec 26, 2008 5:29 pm

Andre,

I tried that -- didn't work. I decided to reset my configuration to the default and reconfigure from the beginning. However, 8 days into the trial, I am now told my evaluation expired. What happened?

SWarner
swarner
New
 
Posts: 3
Joined: Fri Dec 19, 2008 12:54 am

Re: Excluding IP Address Ranges

Postby alorbach » Mon Dec 29, 2008 11:41 am

Did you use the reset function in thw WinSyslog Client? This may has removed your trial period. Write an email to support@adiscon.com and request a trial extension. You will get help there.

best regards,
Andre Lorbach
alorbach
Site Admin
 
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Google Ads



Return to WinSyslog

Who is online

Users browsing this forum: No registered users and 0 guests

cron