Issue with syslog message being sent when it shouldnt.
Tags:
#1
yman182
Hello,
I have the following config file. What i want it to do is not send anything that has the word error in it.
<Input watchfile_m_NAME1>
Module im_file
File 'LOGLOCATION'
Exec $Message = $raw_event;
Exec if $raw_event !~ /ERROR/ drop();
#Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
#Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;
The issue I am having is that it still sends the lines that say the word ERROR, but it sends them as an info message. I wan them to not send them at all. What am I doing wrong?
#1
yman182
Hello,
I have the following config file. What i want it to do is not send anything that has the word error in it.
<Input watchfile_m_NAME1>
Module im_file
File 'LOGLOCATION'
Exec $Message = $raw_event;
Exec if $raw_event !~ /ERROR/ drop();
#Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
#Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;
The issue I am having is that it still sends the lines that say the word ERROR, but it sends them as an info message. I wan them to not send them at all. What am I doing wrong?
If you want to filter out everything that has the word ERROR in it then you need to use the =~ operator instead of !~:
Exec if $raw_event =~ /ERROR/ drop();
