Hi Community,
Can anyone please help me to stop collecting syslogs at VLCs? Is there any way so that I can drop syslogs from a particular source device.
Thanks and Regards,
Nitin Maurya
Hi Community,
Can anyone please help me to stop collecting syslogs at VLCs? Is there any way so that I can drop syslogs from a particular source device.
Thanks and Regards,
Nitin Maurya
Hi, Maurya
That to stop collecting syslogs at VLC:
To disable particular source device, you need to remove IP of your VLC from the syslog sending configuration on this source.
Regards,
Vladimir Rydvanov
Stopping at syslog sending source is different thing.I want to stop receiving syslog for that source at our VLC itself.
If you want to physically stop the syslog packets from this particular source from reaching the VLC then you will need to
1) Stop the source from sending the syslog to the VLC OR
2)Block the syslog packets before they reach the VLC with a firewall rule
Or option 3 using the above screenshot set a filter rule for the VLC to drop based on the source IP.
Key=source IP
Operator equals
Value = IP address to drop
Action:match=drop
Then set that filter rule in your syslog config so that it applies and you have now dropped the source IP from syslog collection. I have used this to successfully drop F5 healthcheck traffic from the mq pipeline.
See this blog for example:
Two questions in your question:
Stop collecting syslog and stop collecting from a specific host
Stop collecting syslog: you can stop the syslog colelctions on VLC under the event sources > syslog and also stop the service from starting under system
Stop collecting syslog from specific host: under event sources > syslog > filters you can define filters on that VLC to stop from a source IP or with events in the message or header. Then apply that filter to a syslog collection to make it apply to that particular port and protocol (UDP514 or TCP6514).