This works but I'm trying to filter out a service account username that is for cron tasks and is making the logs super noisy on my syslog server:
# Collecting event log
Exec $Message =~ s/(\t|\R)/ /g; to_syslog_bsd();
I tried Exec block filtering but any attempt to add xml code that filtered on the "Exec" line made all logs stop coming in. What would be the correct syntax for suppressing a username that's dedicated to cron tasks and is making the logs super noisy?
Thanks all in advance.