
Hello,

I have the following config file. What I want it to do is not send anything that has the word error in it.

 

<Input watchfile_m_NAME1>
  Module im_file
  File 'LOGLOCATION'
  Exec $Message = $raw_event;
  Exec if $raw_event !~ /ERROR/ drop();
  #Exec $SyslogSeverityValue = 6;
  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1; 
  #Exec if $raw_event =~ /ERROR/ $SyslogSeverityValue = 3;

 

The issue I am having is that it still sends the lines that say the word ERROR, but it sends them as an info message. I want them to not send them at all. What am I doing wrong?

Asked December 28, 2015 - 4:28pm

Answer (1)

If you want to filter out everything that has the word ERROR in it then you need to use the =~ operator instead of !~:

Exec if $raw_event =~ /ERROR/ drop();
Answered December 28, 2015 - 5:29pm
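
As an added illustration (not part of the original thread, and not NXLog code): a small Python model of the Exec lines in the question's Input block, run over constructed log lines, showing which events each drop() condition lets through. The function name `run_input` and the sample paths and lines are assumptions made for the example.

```python
import re

# Constructed sample: (file path, raw line) pairs standing in for im_file events.
SAMPLE = [
    (r"C:\logs\app.log", "2015-12-28 16:01:02 INFO service started"),
    (r"C:\logs\app.log", "2015-12-28 16:01:05 ERROR disk quota exceeded"),
    (r"C:\logs\web.log", "2015-12-28 16:01:09 WARN slow response"),
    (r"C:\logs\web.log", "2015-12-28 16:01:11 error in lowercase"),
]


def run_input(events, drop_when_match):
    """Model the Exec lines of the Input block for each event (hypothetical helper).

    drop_when_match=False models `if $raw_event !~ /ERROR/ drop();` (question)
    drop_when_match=True  models `if $raw_event =~ /ERROR/ drop();` (answer)
    """
    forwarded = []
    for path, raw in events:
        record = {"Message": raw}                        # $Message = $raw_event;
        # The page's regex has no modifier, so the match is case-sensitive.
        matched = re.search(r"ERROR", raw) is not None
        if matched == drop_when_match:
            continue                                     # drop(): event is discarded
        m = re.search(r".*\\(.*)", path)                 # file_name() =~ /.*\\(.*)/
        if m:
            record["SourceName"] = m.group(1)            # text after the last backslash
        forwarded.append(record)
    return forwarded


if __name__ == "__main__":
    for label, flag in (("question (!~)", False), ("answer (=~)", True)):
        print(label)
        for rec in run_input(SAMPLE, flag):
            print("  ", rec.get("SourceName"), "|", rec["Message"])
```

With the question's `!~` condition only the ERROR line survives, which matches what the asker observed; with `=~` the ERROR line is dropped, while the lowercase "error" line is still forwarded because the pattern is case-sensitive.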