Question about dropping syslog messages before they are sent
Tags:
#1
yman182
Hello,
I think this is an easy answer, but I am having some issues. I am trying to read in a log file and send out a syslog message. If the line in the file contains the word error, I want a syslog message to be sent. If the file does not contain that word, just drop the message. What would be the proper way to do this? Below is what I currently have.
<Input watchfile_%service%>
Module im_file
File '%servicepath%'
Exec $Message = $raw_event;
Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;
SavePos TRUE
Recursive TRUE
PollInterval 10
</Input>
Thank You
#1
yman182
Hello,
I think this is an easy answer, but I am having some issues. I am trying to read in a log file and send out a syslog message. If the line in the file contains the word error, I want a syslog message to be sent. If the file does not contain that word, just drop the message. What would be the proper way to do this? Below is what I currently have.
<Input watchfile_%service%>
Module im_file
File '%servicepath%'
Exec $Message = $raw_event;
Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;
SavePos TRUE
Recursive TRUE
PollInterval 10
</Input>
Thank You
The following should do that:
Exec if $raw_event !~ /ERROR/ drop();
