I need to drop the below lines containing text "-- MARK --" from the logs. I am using syslog-ng for shipping logs to centralized location. However, my config works fine but i need to apply a filter in order to drop below line to be shipped.
Mar 19 15:34:36 10.232.194.98 [Mar 19 15:34:37] [localhost] local_access_log : -- MARK --
Actually I am bit new to syslog-ng, Can anyone help me to create the filter to skip above line from syslog-ng client node?
Thanks, Subi
Filters can do this, for example:
filter remove_a_line{ not match("MATCH-STRING-TO-DROP"); };
log { source(src); filter(remove_a_line); destination(/var/log/messages); };
here is how to use filters in general: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-filters.html
how to drop messages: https://syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-dropping-messages.html
In this case, you'll probably need a message('-- MARK') filter.
