Hey! There is a rest api call in Graylog 1.0.x for blacklisting. Its undocumented and there's no ui support for it yet, but it works. Under the hood it is implemented as dynamic drools rules and that's why it is undocumented: under high load it can become a serious bottleneck. Before you write custom drools rules have a look at the api browser. You can use blacklisting based on source IP, hostname, or field value.
This will get refactored in a future version, to fix the performance issues and also to expose it in the UI. Best, Kay On Apr 30, 2015 10:17 PM, "Mark Moorcroft" <[email protected]> wrote: > > I asked a similar question recently (title "Exclude strategy"), but I > never got any reply. > > On Thursday, April 30, 2015 at 12:59:21 PM UTC-7, temo tsurtsumia wrote: >> >> How to apply simply blacklist rules for dropping unnecessary messages >> > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
