Filter out all messages, but the ones we want

Post a different question
2
responses

Hello,

I have a config that I thought would work, but it does not.  I would like to have the syslog service only send specific messages it finds in the log file and ignore all other and not send them to the syslog server.  Her is the config I currently have, but it seems to be sending everything.  Any help would be great.

<Input watchfile_m_LOGFILENAME>

  Module im_file
  File 'C:\\logs\\log.log'
  Exec $Message = $raw_event;
  Exec if $raw_event =~ /has failed/ $SyslogSeverityValue = 3;
  Exec if $raw_event =~ /Rx error in packet/ $SyslogSeverityValue = 3;
  Exec if $raw_event =~ /LossCounter non zero in packet/ $SyslogSeverityValue = 3;
  Exec $SyslogSeverityValue = 6;
  Exec if file_name() =~ /.*\\(.*)/ $SourceName = $1; 

Thank You,

 

Yury

AskedFebruary 23, 2016 - 6:03pm

Answer (1)

If you want to filter out log messages you should be using drop().

Also the following overrides everything else before this:


Exec $SyslogSeverityValue = 6;
AnsweredFebruary 24, 2016 - 11:18am

Comments (1)

  • yman182's picture

    Hello,

    What line do I have to add to filter out everything but the specific lines that I already have. I do want those to be sent to our syslog server. I will also remove the line you mentioned.

    Thank you.

    February 24, 2016 - 2:14pm