David_Carlson
Jan 30, 2015Nimbostratus
TCP Syslog filtering and documentation
I'm using TCP syslog to a remote server and can not filter out the facilities that I don't want. Does anyone have any idea on the proper syntax or where documentation can be found? This is an example of what I have tried so far but still get facility 6 messages.
modify syslog include "destination remote_server {tcp(\"10.1.1.1\" port (1234));};filter f_local0 {level (debug...emerg);};filter f_no_local6 {not facility(local6);};log {source(local);filter(f_local0);destination(remote_server);};"
Thanks,
Dave