How do you drop Logs completely with Syslog-NG fro...

briant97 · ‎09-22-2015

With Syslog-NG how do you drop logs completely. I know how to create filters and what not but I don't know how to set the destination to drop completely.

frobert · ‎09-22-2015

Hi,

Create a log path that does not have a destination, just a source, a filter (that matches the messages you want to drop), and the final flag.
For details, see the syslog-ng Administrator Guide

Kind Regards,

Robert Fekete
syslog-ng documentation maintainer

briant97 · ‎09-23-2015

Can you show an example of this just for others that may want to reference in the future.

frobert · ‎09-23-2015

Sure! (I've included a link in my earlier reply, but it seems it was moderated 🙂 )
The following log statement drops all debug level messages without any further processing.

filter demo_debugfilter { level(debug); };
log { source(s_all); filter(demo_debugfilter); flags(final); };

briant97 · ‎09-23-2015

filter f_new_networkdevices { netmask(192.168.2.1/32) or netmask(192.168.2.2/32); };
log { source(s_tcp_remote); filter(f_new_networkdevices); flags(final); }; #logs to no where without a destination
log { source(s_udp_remote); filter(f_new_networkdevices); flags(final); }; #logs to no where without a destination

I want to completely drop logs from these ips for now.

This is not working for me it is still logging.

briant97 · ‎09-23-2015

Can you show an example for future reference for others that may be wanting to do the same thing.

How do you drop Logs completely with Syslog-NG from particular sources?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!

Are you a member of the Splunk Community?

How do you drop Logs completely with Syslog-NG from particular sources?

.conf25 Community Recap

Splunk App Developers | .conf25 Recap & What’s Next

Congratulations to the 2025-2026 SplunkTrust!