I'm wondering if anyone can suggest a strategy for eliminating certain classes of collected logged events. In particular I have 3 compute "clusters". Each one does NAT DHCP for the compute nodes. I prefer that the head nodes continue to collect logged compute node traffic, but I have no need to see them on the log collector. Nor do I want the "Sources" list clogged up with 200 compute node names. It seems to me there are several possible strategies for getting rid of them. I was hoping someone might suggest the "best practice". One possible "issue" is on the older cluster running CentOS5 the nodes run syslogd (not rsyslogd), which is much less flexible to configure. I actually had to replace syslogd on the head node with rsyslog to get the output I wanted for graylog.
-- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.