On Friday, May 1, 2015 at 1:43:38 AM UTC-4, temo tsurtsumia wrote:
> import org.graylog2.plugin.Message
>
> rule "Drop host x"
> when
>     m : Message( source == "10.0.3.x" )
> then
>     // mark the message as filtered out so it is dropped
>     m.setFilterOut(true);
>     System.out.println( "[Drop host x] : " + m.toString() );
> end
>
> import org.graylog2.plugin.Message
>
> rule "Drop host y"
> when
>     m : Message( source == "10.0.3.y" )
> then
>     m.setFilterOut(true);
>     System.out.println( "[Drop host y] : " + m.toString() );
> end
>
> import org.graylog2.plugin.Message
>
> rule "Drop host z"
> when
>     m : Message( source == "10.0.3.z" )
> then
>     m.setFilterOut(true);
>     System.out.println( "[Drop host z] : " + m.toString() );
> end
>
> change host accordingly
Big thanks for these drools rules. It's working.

In case anyone else has trouble: I had to be sure the permissions were correct for the drools rule file. I was trying graylog-ctl reconfigure to restart graylog to read the rules file, but it would re-comment the rules file in the graylog.conf. Instead I ended up just using graylog-ctl restart, which is working now.

Also, my source was "dhcp:" with the semicolon. I first tried to escape the semicolon with a backslash, but apparently that isn't needed in the drools rules. "dhcp:" worked.

Thanks and cheers!
