[graylog2] Re: Filter or Drop messages from a specific source

[Stephen Fox]

It seems these drools rules have stopped working after one of the recent 
upgrades of graylog. I'm on version 1.2 now but I wasn't able to get the 
rules working in the last version as well. Any tips?

Here is my rules file:

import org.graylog2.plugin.Message

rule "Drop host dhcpd"
    when
        m : Message( source == "dhcpd:" )
    then
         m.setFilterOut(true);
        System.out.println( "[Drop host dhcpd] : " + m.toString() );
end

rule "Drop host firewall"
    when
        m : Message( source == "firewall:" )
    then
         m.setFilterOut(true);
        System.out.println( "[Drop host firewall] : " + m.toString() );
end


On Tuesday, July 14, 2015 at 12:47:55 AM UTC-4, Pete GS wrote:
>
> Sorry for waking up an older thread... however I have an LDAP server out 
> of my controller which is absolutely smashing my Graylog servers due to a 
> misconfigured logging level. Unfortunately the sys admins for this server 
> are pretty much unresponsive so I think my only choice is to drop this via 
> the drools rules.
>
> Quick question before I do this though... how expensive are the drools 
> rules to process? Does it get dropped/filtered prior to the actual message 
> processing? Or does it still get processed and then dropped?
>
> Cheers, Pete
>
> On Saturday, 2 May 2015 06:02:51 UTC+10, Stephen Fox wrote:
>>
>> http://docs.graylog.org/en/1.0/pages/drools.html
>>
>> Its somewhat documented. There are a few examples on that page as well 
>> but I wish there were more examples.
>>
>> Rule documentation here:
>>
>> http://docs.jboss.org/drools/release/5.5.0.Final/drools-expert-docs/html/ch04.html
>>
>> It would be cool If graylog2 had the feature to filter out messages in 
>> the web interface rather than hacking around in drool rules.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/350014fa-dc8e-4aa8-82f8-b0e35b7d2351%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.