I'm trying to setup a syslog-ng server and it's sort of working. The intent is to receive syslog messages from other servers and sort them on the syslog server based on the incoming IP address of the server/device/appliance that is sending them. So I want a separate log file for each system.

I setup a external source directive in syslog-ng.conf
source extsrc {
udp(ip("X.X.X.X") port(514));

then I setup 2 files that are included and in the main syslog-ng.conf (verified that they are included properly)
each have a filter, destination and log directive (in this order)

The destination & log directives appear to be fine. It's the filter I'm having trouble with in both files.

In each the filter is setup as such
(DNS lookup is NOT enabled)

filter f_name { host(<ipaddress> or host("<hostname>"); };

problem I'm having is syslog messages I'm receiving are being written to all the log files not just the one I want it in. It's as if the filter isn't even there.

Any help would be great.