rsyslog does not discard messages

rsyslog

Solution 1:

I was thinking the hostname is "default" and the :msg is "send string", but I couldn't get it to filter that way either. So, I did some more searching and found the following:

:rawmsg, isequal, "default send string" stop

That finally made the messages go away. For what its worth, they appear to be from our load balancer, probably a syslog/udp healthcheck.

Reference: http://lists.adiscon.net/pipermail/rsyslog/2012-September/030562.html

Solution 2:

You need to make sure that your rule for discarding the message should be called before the one that writes it in a file.

By default, Rsyslog have a /etc/rsyslog.d/50-default.conf that writes messages as it is. Maybe putting your rule before:

$IncludeConfig /etc/rsyslog.d/*.conf

should work.

And Rsyslog warns to not use ~, you should use stop instead.

Related

How to use iptables or tc to limit packets per client.
Do Linux servers using AD/Kerberos for authentication/authorization need computer accounts?
Is it possible to check the progress of of a currently running clamAV scan?
EC2 - How to route outbound traffic through a single public IP
Ansible SSH error although standard ssh is working
What is DNS TXT record "mailru-verification"?
How do you configure multiple systemd services to use one timer?
Can I recover a bitlocker encrypted drive offline?
Integrating ClamAV with NGINX
Can Azure storage account (files) be mounted on multiple servers?
Hyper-V: Unable To Start a VM From ISO File
Grep Not Working (on some files)?