I have the following config file. What i want it to do is not send anything that has the word error in it.
Exec $Message = $raw_event;
Exec if $raw_event !~ /ERROR/ drop();
#Exec $SyslogSeverityValue = 6;
Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1;
#Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;
The issue I am having is that it still sends the lines that say the word ERROR, but it sends them as an info message. I wan them to not send them at all. What am I doing wrong?