https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233233#M45503 <P>Sure! (I've included a link in my earlier reply, but it seems it was moderated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> )<BR /> The following log statement drops all debug level messages without any further processing.</P> <PRE><CODE>filter demo_debugfilter { level(debug); }; log { source(s_all); filter(demo_debugfilter); flags(final); }; </CODE></PRE> Wed, 23 Sep 2015 14:29:19 GMT frobert 2015-09-23T14:29:19Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233229#M45499 <P>With Syslog-NG how do you drop logs completely. I know how to create filters and what not but I don't know how to set the destination to drop completely.</P> Tue, 22 Sep 2015 16:58:21 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233229#M45499 briant97 2015-09-22T16:58:21Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233230#M45500 <P>Hi, </P> <P>Create a log path that does not have a destination, just a source, a filter (that matches the messages you want to drop), and the final flag.<BR /> For details, see the <A href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/example-dropping-messages.html">syslog-ng Administrator Guide</A></P> <P>Kind Regards,</P> <P>Robert Fekete<BR /> syslog-ng documentation maintainer</P> Tue, 22 Sep 2015 17:39:26 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233230#M45500 frobert 2015-09-22T17:39:26Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233231#M45501 <P>Can you show an example for future reference for others that may be wanting to do the same thing.</P> Wed, 23 Sep 2015 14:25:02 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233231#M45501 briant97 2015-09-23T14:25:02Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233232#M45502 <P>Can you show an example of this just for others that may want to reference in the future.</P> Wed, 23 Sep 2015 14:26:13 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233232#M45502 briant97 2015-09-23T14:26:13Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233233#M45503 <P>Sure! (I've included a link in my earlier reply, but it seems it was moderated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> )<BR /> The following log statement drops all debug level messages without any further processing.</P> <PRE><CODE>filter demo_debugfilter { level(debug); }; log { source(s_all); filter(demo_debugfilter); flags(final); }; </CODE></PRE> Wed, 23 Sep 2015 14:29:19 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233233#M45503 frobert 2015-09-23T14:29:19Z https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233234#M45504 <P>filter f_new_networkdevices { netmask(192.168.2.1/32) or netmask(192.168.2.2/32); };<BR /> log { source(s_tcp_remote); filter(f_new_networkdevices); flags(final); }; #logs to no where without a destination<BR /> log { source(s_udp_remote); filter(f_new_networkdevices); flags(final); }; #logs to no where without a destination</P> <P>I want to completely drop logs from these ips for now. </P> <P>This is not working for me it is still logging. </P> Tue, 29 Sep 2020 07:19:52 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-you-drop-Logs-completely-with-Syslog-NG-from-particular/m-p/233234#M45504 briant97 2020-09-29T07:19:52Z