Forum Discussion

mario365_345588
Jan 09, 2018

Issue Using Multiple Filters with Syslog-ng

I can only get authpriv messages to send to my syslog server. When I try using multiple filters it breaks things & even the authpriv doesn't send. I tried adding one filter to my include statement to troubleshoot and when I add the user filter alone I can only get messages when the F5 is rebooted by root via SSH. My goal is to have the F5 send only logins, logouts & config/command updates (both CLI & SH) to my syslog server. I read all the documents but cannot get both filters to work. The F5 accepts them but doesn't send the logs. Could this be a bug? Am I configuring things wrong? Here's my config...

  • mario365 345588,

    You may have already tried this, but in many documents for filters in syslog-ng that appear on devcentral, you need to remove and re-add any syslog remote server before the filters are to take effect. Please see the impact of the procedure below.


    Removing the currently defined remote syslog servers

    You must remove the current defined remote syslog servers before you configure the include statement with the filter rule and destination server. To do so, perform the following procedure:

    Impact of procedure: Log messages will not be sent to the currently defined remote syslog servers until the remote syslog servers are re-added in the following procedure.

    1. Log in to tmsh by typing the following command:

       tmsh

    2. To list any currently defined remote syslog servers, if configured, type the following command:

       list /sys syslog remote-servers

       The following is an example of the command output on a BIG-IP system that is configured with a remote syslog server at IP address x.x.x.x:

       sys syslog {
           remote-servers {
               host x.x.x.x
           }
       }

    3. Take note of any currently defined remote syslog server information; you will need it in the following procedure.

    4. To remove the currently defined remote syslog servers, type the following command:

       modify /sys syslog remote-servers none

    5. Save the change by typing the following command:

       save /sys config partitions all
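Once the remote servers are removed, the filter rule and destination go into the syslog include statement (`modify /sys syslog include "..."`). Below is an added example of such an include body that carries both facilities the original poster mentions (authpriv and user) in one log path; it is not from this thread or from F5's documentation, and the source name s_syslog_pipe, the destination address 192.0.2.10 and port 514 are assumptions to be replaced with your own values.

```conf
# Added example: one filter expression that matches either facility.
# Note: two separate filter() entries inside a single log {} block are
# combined with AND in syslog-ng, so a path that lists filter(authpriv)
# and filter(user) one after the other matches nothing and sends no logs.
# Combine them with "or" in a single filter instead.
filter f_auth_or_user {
    facility(authpriv) or facility(user);
};

# Assumed remote collector; adjust address, port and transport as needed.
destination d_remote_loghost {
    udp("192.0.2.10" port(514));
};

# s_syslog_pipe is assumed to be the BIG-IP system log source.
log {
    source(s_syslog_pipe);
    filter(f_auth_or_user);
    destination(d_remote_loghost);
};
```

After applying the include, save with `save /sys config partitions all` as in the procedure above and confirm delivery on the collector before adding further filters.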