So instead of the global forwarding, just use this instead of the *.* @@dest?
From: David Lang <[email protected]> Date: Wednesday, 1 April 2020 at 1:43 PM To: Daniel Oakes via rsyslog <[email protected]> Cc: Daniel Oakes <[email protected]> Subject: Re: [rsyslog] Rsyslog forwarding filtering if ! $msg contains "string" then @destination if this isn't what you are looking for, please give a more complete example David Lang On Wed, 1 Apr 2020, Daniel Oakes via rsyslog wrote: > Hi there, > > Just a simple request, but have been kinda beating myself up a little bit > trying to find a solution. > > Scenario: I’ve got three rsyslog servers collecting logs, writing them > locally, and then also forwarding them through to our SIEM instance. I have > a heap of messages that are for a particular monitoring user / process, that > I’d like to filter out so they don’t get forwarded to the SIEM. > > i.e. msg contains ‘string’ then don’t forward. I couldn’t find anything > that quite matched what I was looking for. Is it possible to filter > conditionally like this on a forward? > > Thanks in advance!! > > Regards, > Daniel > > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
