Hi there, Just a simple request, but have been kinda beating myself up a little bit trying to find a solution.
Scenario: I’ve got three rsyslog servers collecting logs, writing them locally, and then also forwarding them through to our SIEM instance. I have a heap of messages that are for a particular monitoring user / process, that I’d like to filter out so they don’t get forwarded to the SIEM. i.e. msg contains ‘string’ then don’t forward. I couldn’t find anything that quite matched what I was looking for. Is it possible to filter conditionally like this on a forward? Thanks in advance!! Regards, Daniel _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
