Thank you David. These messages are arriving from the hostd.log of an ESXi box. They are forwarded to a splunk host and are written locally. I just want the ability to filter them from being forwarded. If they get written locally that is fine.
I don't understand your comment to change "to" in the filter. Can you explain a little more? Thanks, Mike -----Original Message----- From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of David Lang Sent: Thursday, August 16, 2018 4:26 PM To: rsyslog-users <rsyslog@lists.adiscon.com> Subject: Re: [rsyslog] trying to delete incoming messages do these logs arrive via /dev/log or over the network? the filter you have in place is not applied to the "forward" ruleset try changing from " to ' in the filter. David Lang On Thu, 16 Aug 2018, Mike Fefferman wrote: > Date: Thu, 16 Aug 2018 21:37:47 +0000 > From: Mike Fefferman <michaelfeffer...@emagined.com> > Reply-To: rsyslog-users <rsyslog@lists.adiscon.com> > To: rsyslog-users <rsyslog@lists.adiscon.com> > Subject: Re: [rsyslog] trying to delete incoming messages > > Attached is our config file and a sample of the log file where we are trying > to filter the message. Any help would be appreciated. > > Thanks, > Mike > > > > -----Original Message----- > From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of David > Lang > Sent: Wednesday, August 15, 2018 11:51 AM > To: rsyslog-users <rsyslog@lists.adiscon.com> > Subject: Re: [rsyslog] trying to delete incoming messages > > On Wed, 15 Aug 2018, Mike Fefferman wrote: > >> We are fairly new to rsyslog and have a question regarding deleting incoming >> messages that we do not want to forward to our splunk servers. I have added >> the below line to our rsyslog.conf file under ###Rules###: >> >> :msg, contains, "IPMI SEL unavailable" ~ >> >> All of our research has told us that adding this line at the top of the >> config before any action statements will delete any messages coming in with >> IPMI SEL unavailable in the body of the message. For some reason it is not >> working and the messages continue to come through. >> >> How do we make this work? Any help would be appreciated. > > We would need to see your config and a sample log to figure out what's > happening. > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This > is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our > control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
