Use a drop action. Look at the action queues.

On May 7, 2012, at 12:47 PM, [email protected] wrote:
> I'm new to rsyslog and have very limited understanding knowledge on the
> subject, I've googled and read all of the online documentation that I
> could find, however I'm still struggling to find out if I can filter to
> exclude messages. I have a lot of auditd events that I don't need to send
> to my centralized collection server, such as the one below.
>
> type=SYSCALL msg=audit(1336411413.690:393395): arch=40000003 syscall=10
> per=400000 success=yes exit=0 a0=89054c5 a1=0 a2=b7f6ddcc a3=64 items=2
> ppid=20173 pid=20174 auid=100033 uid=0 gid=0 euid=2 suid=0 fsuid=2 egid=2
> sgid=0 fsgid=2 tty=(none) ses=2648 comm="vasd" exe="/opt/quest/sbin/vasd"
> key="delete"
>
> Is there a way to filter these messages out, so that they're not sent to a
> syslog server or saved in the /var/log/audit log?
>
> Are there any good books on rsyslog that would be a good reference for a
> newbie?
>
> Any help or direction would be appreciated!
>
> Thanks..
>
> Larry E. Erdahl
> Information Security Services
> Information Security Monitoring Group
> 1 Meridian Crossing
> Richfield, MN 55423
> Mail Code: EP-MN-MS6I
> Office Phone: (612)973-7153
> Cell Phone (612)964-7379
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
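
The drop action and action queue suggested in the reply, as an added example that is not part of the original thread. It assumes the audit records reach rsyslog as ordinary syslog messages with the record text in $msg and that the rsyslog version supports RainerScript; the file name and the collector host logs.example.com are placeholders.

```rsyslog
# /etc/rsyslog.d/10-drop-vasd-audit.conf   (hypothetical file name)
#
# Rules are evaluated top to bottom, so the discard must come BEFORE
# the forwarding action or the message is already sent when it matches.

# Match on several fields of the record rather than on comm="vasd" alone,
# so that other events involving the same binary are still collected.
if $msg contains 'type=SYSCALL'
   and $msg contains 'exe="/opt/quest/sbin/vasd"'
   and $msg contains 'key="delete"'
then {
    stop        # discard: no later rule sees this message
}

# Older releases without "stop" use the legacy discard action "~" with a
# property-based filter (one condition per filter):
#   :msg, contains, "exe=\"/opt/quest/sbin/vasd\"" ~

# Everything that was not discarded goes to the central collector.
# The action gets its own queue so an unreachable collector does not
# block local logging; messages are buffered and retried instead.
action(type="omfwd"
       target="logs.example.com"          # placeholder collector host
       port="514"
       protocol="tcp"
       queue.type="LinkedList"            # in-memory queue for this action
       queue.size="10000"                 # maximum queued messages
       queue.filename="fwd_collector"     # enables disk-assisted mode
       queue.saveOnShutdown="on"          # keep queued data across restarts
       action.resumeRetryCount="-1")      # retry forever instead of dropping
```

This filter only controls what rsyslog processes and forwards; the local file under /var/log/audit is written by auditd itself, so excluding events there is a matter for the audit rules, not for rsyslog.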

