rsyslog不会写远程的垃圾邮件从特定主机的日志文件

我已经安装了一个rsyslog服务器（基于CentOS 6），可以很好地处理一些远程主机。 但是，当我添加Cisco ASA防火墙时，它会logging它的消息！

rsyslog.conf如下：

# rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html ### MODULES #### $ModLoad imuxsock # provides support for local system logging (eg via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) # Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log 

configuration文件如下：

 ##RSYSLOG configuration file for Remote Logs $FileCreateMode 0640 $template PerHostLog,"/var/log/remote/%HOSTNAME%.log" if ($fromhost-ip startswith '10.1.5' or $fromhost-ip startswith '10.2.8') then -?PerHostLog & ~ 

这些规则有什么不对吗？ TCPdumps显示来自10.2.8.1主机的消息到达服务器，但syslogselect忽略它们。 为什么？？

• 连接到Centos openvpn，但没有外部互联网接入
• Linux页面caching使用64GB RAM的双CPU服务器上的IO速度变慢
• BackupPC超过72小时备份250GB的
• proFTPD无法确定IP地址
• 大量的数据包重复

 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 0 

  $AllowedSender UDP, 127.0.0.0/8, [::1]/128, 10.1.5.0/24, 10.2.8.0/24