Is it possible to apply message filters to say, block/not log all message types of `INFO` and `DEBUG` from a specific rule?
For example:
Test.conf:
ruleset(name="vcsa20525" queue.type="linkedlist" queue.workerThreads="4" queue.workerThreadMinimumMessages="3000"){
action(type="omfile" file="/var/log/remote-syslog/vcsa.log")
}
input(type="imudp" port="20525" ruleset="vcsa20525")
Vcenter is notorious for not allowing syslog filtration or level setting on the appliance or source side. Support basically claims its all or nothing.
So the thought was to filter them on the Rsyslog side.. except I?m having no luck finding info or examples for filtering when using rulesets.
Thanks!
[Jamf]
Ben Hart
IT Systems Administrator II
100 Washington Ave S, Minneapolis, MN 55401
[Phone]
+00 1 989 424 0187
[Email]
ben.hart@jamf.com
[Web]
www.jamf.com<https://www.jamf.com>
[Facebook] [Twitter] [LinkedIn] [YouTube]
For example:
Test.conf:
ruleset(name="vcsa20525" queue.type="linkedlist" queue.workerThreads="4" queue.workerThreadMinimumMessages="3000"){
action(type="omfile" file="/var/log/remote-syslog/vcsa.log")
}
input(type="imudp" port="20525" ruleset="vcsa20525")
Vcenter is notorious for not allowing syslog filtration or level setting on the appliance or source side. Support basically claims its all or nothing.
So the thought was to filter them on the Rsyslog side.. except I?m having no luck finding info or examples for filtering when using rulesets.
Thanks!
[Jamf]
Ben Hart
IT Systems Administrator II
100 Washington Ave S, Minneapolis, MN 55401
[Phone]
+00 1 989 424 0187
[Email]
ben.hart@jamf.com
[Web]
www.jamf.com<https://www.jamf.com>
[Facebook] [Twitter] [LinkedIn] [YouTube]