Hello, We are running GrayLog / ElasticSearch on the backend and we are using the graylog-collector 0.4.2 to collect and push logs from our AIX 7.1 server.
Everything seems to be working fine, our config is.. server-url = "http://xxx.xxx.xxx.xxx:12900"; enable-registration = true collector-id = "file:config/collector-id" inputs { log1 { type = "file" path = "/xxx/dbs/xxx.lg" outputs = "gelf-tcp" } } outputs { gelf-tcp { type = "gelf" host = "xxx.xxx.xxx.xxx" port = 12201 client-tls = false client-queue-size = 512 client-connect-timeout = 5000 client-reconnect-delay = 1000 client-tcp-no-delay = true client-send-buffer-size = 32768 } } Is it possible to drop some type of logs from being forwarded to the GrayLog server? I want to drop certain log lines in /xxx/dbs/xxx.lg that contain certain words in the line. I know this can be done on the GrayLog server by adding a /etc/graylog/server/rules.drl file but the problem is we would like to drop the message at the source before it is transferred to the GrayLog server over the network; the reason for this is because we have a *LOT* of line items in the logs and transferring them over the network takes a big network performance hit. If we could discard these where the instance of graylog-collector is running it would be much more efficient. Is this at all possible? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/fef77a90-e804-4de1-b6d8-f3e27ef40034%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
