    Syslog filters


      Even the simplest filters.  Two IP's for specific message severity.  I put a specific email in the filter to see if it is matching the conditions and it is.  I think it's not honoring the stop processing rules action.

          Looking like a restart of the syslog service is required to pick up filter changes.

            We're working to make sure this is working as expected.  Would you mind answering a few questions about how your syslog rules and actions are set up?

            1.  With your rules, the first rule that matches has a stop processing rules action on it, correct?  And you're saying it goes onto another rule that matches and runs those actions as well?

            2.  Or are you seeing it continue to process actions for the first rule after the stop action?


            I ask because the behavior I'm currently seeing is #1, which is the expected behavior. 




                That's not making sense to me.

                When my rule says discard and stop it should do so.  There's no reason to process further which is the behavior I get from some rules.  My first rule discards a lot of low severity messages and never falls through to generate and email.

                Same type of rule but only for two specific IP addresses, enters rule doesn't discard like it should, doesn't stop, and falls through to the email action.

                I did not experience this pre 10.1RC