Is it possible to negate a match using pm_match? (NXLog CE version for now)
wallet created
I am trying to use pm_pattern to filter messages that are approved for a 'limited' feed, and still have the full feed go to the admin feed.
I have set up the config to send the input to two feeds, that works fine.
I've then tried to use pm_pattern to match certain strings and DROP them from the restricted feed. So far no luck.
I'm sure I'm missing something really simple here, and would really appreciate if anyone had the time to check the configs for me...
In nxlog.conf (edited for brevity)...
Module pm_pattern
PatternFile "/data/conf/nxlog-patternmatch.yaml"
Module om_http
URL https:// destination string
#Batchmode none
HTTPSAllowUntrusted TRUE
HTTPSCADir /etc/ssl/certs/
HTTPSCertFile /etc/ssl/certs/ca-certificates.crt
Exec if defined $PatternID drop();
Path client2001 => client_filter => out2001,client-test
And this is the patternmatch yaml (some matchfields removed)...
2021-06-03 01:02:03
1
<group>
<name>Client</name>
<pattern>
<id>1</id>
<name>client input</name>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>rsyslogd</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>NetworkManager</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>Systemd</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>dnf</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>dbus</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>chrony</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>CRON</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>motd</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>snapd</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>promtail</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>nxlog</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>kernel</value>
</matchfield>
<matchfield>
<Name>raw_event</Name>
<type>regexp</type>
<value>loki</value>
</matchfield>
</pattern>
</group>
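An added example, not part of the original post and not NXLog code: a small Python model of how the pattern file above behaves, assuming (as in NXLog's documented pm_pattern examples) that every matchfield inside one pattern must match, and that regexp matching is case-sensitive. The function names and the sample events are constructed for illustration; it compares the posted single pattern with one pattern per value, then applies the `if defined $PatternID drop();` rule to each.

```python
import re

# Values of the <matchfield> blocks in the posted pattern file.
MATCHFIELDS = ["rsyslogd", "NetworkManager", "Systemd", "dnf", "dbus", "chrony",
               "CRON", "motd", "snapd", "promtail", "nxlog", "kernel", "loki"]

# Constructed sample events (not taken from the original post).
EVENTS = [
    "<30>Jun  3 01:02:03 host1 rsyslogd: imuxsock begins to drop messages",
    "<78>Jun  3 01:05:01 host1 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)",
    "<86>Jun  3 01:06:10 host1 sshd[2290]: Accepted publickey for alice from 192.0.2.10",
    "<85>Jun  3 01:07:00 host1 sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/id",
    "<30>Jun  3 01:08:00 host1 systemd[1]: Started Session 12 of user alice.",
]


def pattern_id_single_pattern(raw_event):
    """One <pattern> holding every matchfield: all of them must match (AND)."""
    return 1 if all(re.search(v, raw_event) for v in MATCHFIELDS) else None


def pattern_id_one_per_value(raw_event):
    """One <pattern> per value, ids 1..N: any single match sets a PatternID (OR)."""
    for pid, value in enumerate(MATCHFIELDS, start=1):
        if re.search(value, raw_event):
            return pid
    return None


def restricted_feed(events, matcher):
    """Model of `if defined $PatternID drop();` on the restricted output."""
    return [e for e in events if matcher(e) is None]


if __name__ == "__main__":
    for label, matcher in (("single pattern", pattern_id_single_pattern),
                           ("one pattern per value", pattern_id_one_per_value)):
        kept = restricted_feed(EVENTS, matcher)
        print(f"{label}: {len(EVENTS) - len(kept)} dropped, {len(kept)} forwarded")
        for event in kept:
            print("   ", event)
```

In this model the single pattern drops nothing, while one pattern per value drops the rsyslogd and CRON events; the systemd event is still forwarded because the posted value is `Systemd` with a capital S.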