Filter out all messages, but the ones we want

#1 yman182 8 years ago

Hello,

I have a config that I thought would work, but it does not. I would like to have the syslog service only send specific messages it finds in the log file and ignore all other and not send them to the syslog server. Her is the config I currently have, but it seems to be sending everything. Any help would be great.

Module im_file
File 'C:\\logs\\log.log'
Exec $Message = $raw_event;
Exec if $raw_event =~ /has failed/ $SyslogSeverityValue = 3;
Exec if $raw_event =~ /Rx error in packet/ $SyslogSeverityValue = 3;
Exec if $raw_event =~ /LossCounter non zero in packet/ $SyslogSeverityValue = 3;
Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;

Thank You,

Yury

Permalink

#2 adm Nxlog ✓ 8 years ago (Last updated 5 years ago )

#1 yman182

Hello, I have a config that I thought would work, but it does not. I would like to have the syslog service only send specific messages it finds in the log file and ignore all other and not send them to the syslog server. Her is the config I currently have, but it seems to be sending everything. Any help would be great. <Input watchfile_m_LOGFILENAME> Module im_file File 'C:\\logs\\log.log' Exec $Message = $raw_event; Exec if $raw_event =~ /has failed/ $SyslogSeverityValue = 3; Exec if $raw_event =~ /Rx error in packet/ $SyslogSeverityValue = 3; Exec if $raw_event =~ /LossCounter non zero in packet/ $SyslogSeverityValue = 3; Exec $SyslogSeverityValue = 6; Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1; Thank You, Yury

If you want to filter out log messages you should be using drop().

Also the following overrides everything else before this:


Exec $SyslogSeverityValue = 6;