[graylog2] Re: Filter or Drop messages from a specific source

2015-09-15 Thread Drew Miranda
Are there any errors or related log messages in the graylog server log? 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3323b2f1-ec1a-4a0b-8b08-eb989a877b83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[graylog2] Re: Filter or Drop messages from a specific source

2015-09-15 Thread Stephen Fox
It seems these drools rules have stopped working after one of the recent 
upgrades of graylog. I'm on version 1.2 now but I wasn't able to get the 
rules working in the last version as well. Any tips?

Here is my rules file:

import org.graylog2.plugin.Message

rule "Drop host dhcpd"
    when
        m : Message( source == "dhcpd:" )
    then
        m.setFilterOut(true);
        System.out.println( "[Drop host dhcpd] : " + m.toString() );
end

rule "Drop host firewall"
    when
        m : Message( source == "firewall:" )
    then
        m.setFilterOut(true);
        System.out.println( "[Drop host firewall] : " + m.toString() );
end


On Tuesday, July 14, 2015 at 12:47:55 AM UTC-4, Pete GS wrote:
>
> Sorry for waking up an older thread... however I have an LDAP server out 
> of my controller which is absolutely smashing my Graylog servers due to a 
> misconfigured logging level. Unfortunately the sys admins for this server 
> are pretty much unresponsive so I think my only choice is to drop this via 
> the drools rules.
>
> Quick question before I do this though... how expensive are the drools 
> rules to process? Does it get dropped/filtered prior to the actual message 
> processing? Or does it still get processed and then dropped?
>
> Cheers, Pete
>
> On Saturday, 2 May 2015 06:02:51 UTC+10, Stephen Fox wrote:
>>
>> http://docs.graylog.org/en/1.0/pages/drools.html
>>
>> It's somewhat documented. There are a few examples on that page as well 
>> but I wish there were more examples.
>>
>> Rule documentation here:
>>
>> http://docs.jboss.org/drools/release/5.5.0.Final/drools-expert-docs/html/ch04.html
>>
>> It would be cool if graylog2 had the feature to filter out messages in 
>> the web interface rather than hacking around in drool rules.
>>
>



[graylog2] Re: Filter or Drop messages from a specific source

2015-07-13 Thread Pete GS
Sorry for waking up an older thread... however I have an LDAP server out of 
my controller which is absolutely smashing my Graylog servers due to a 
misconfigured logging level. Unfortunately the sys admins for this server 
are pretty much unresponsive so I think my only choice is to drop this via 
the drools rules.

Quick question before I do this though... how expensive are the drools 
rules to process? Does it get dropped/filtered prior to the actual message 
processing? Or does it still get processed and then dropped?

Cheers, Pete

On Saturday, 2 May 2015 06:02:51 UTC+10, Stephen Fox wrote:
>
> http://docs.graylog.org/en/1.0/pages/drools.html
>
> It's somewhat documented. There are a few examples on that page as well but 
> I wish there were more examples.
>
> Rule documentation here:
>
> http://docs.jboss.org/drools/release/5.5.0.Final/drools-expert-docs/html/ch04.html
>
> It would be cool if graylog2 had the feature to filter out messages in the 
> web interface rather than hacking around in drool rules.




[graylog2] Re: Filter or Drop messages from a specific source

2015-05-01 Thread Stephen Fox
http://docs.graylog.org/en/1.0/pages/drools.html

It's somewhat documented. There are a few examples on that page as well but 
I wish there were more examples.

Rule documentation here:
http://docs.jboss.org/drools/release/5.5.0.Final/drools-expert-docs/html/ch04.html

It would be cool if graylog2 had the feature to filter out messages in the 
web interface rather than hacking around in drool rules.



[graylog2] Re: Filter or Drop messages from a specific source

2015-05-01 Thread Mark Moorcroft

So this is an undocumented (as of yet) method to have graylog filter an 
input as it feeds the elasticsearch index? If I do a search on the graylog 
site for drool I get nothing.

On Thursday, April 30, 2015 at 10:43:38 PM UTC-7, temo tsurtsumia wrote:
>
> import org.graylog2.plugin.Message
>
> rule "Drop host x"
>     when
>         m : Message( source == "10.0.3.x" )
>     then
>         m.setFilterOut(true);
>         System.out.println( "[Drop host x] : " + m.toString() );
> end
>
> import org.graylog2.plugin.Message
>
> rule "Drop host y"
>     when
>         m : Message( source == "10.0.3.y" )
>     then
>         m.setFilterOut(true);
>         System.out.println( "[Drop host y] : " + m.toString() );
> end
>
> import org.graylog2.plugin.Message
>
> rule "Drop host z"
>     when
>         m : Message( source == "10.0.3.z" )
>     then
>         m.setFilterOut(true);
>         System.out.println( "[Drop host z] : " + m.toString() );
> end
>
> change host accordingly

