I am doing some Syslog testing and a server on one site is sending lots of traffic and I would like to filter this out from the logs.
So the IP address of the server is in the body of each log.
It is a Zonebase Router and I have tried this so far.
parameter-map type inspect default
audit-trail on
discriminator nolog mnemonics drops ^192\.168\.1\.1$
&
discriminator nolog msg-body drops ^192\.168\.1\.1$
logging host x.x.x.x trans udp port 10001 discriminator nolog
But I am still seeing traffic from 192.168.1.1
I don't seem to be able to add a reply.
Rolf
Yes it is the router produced log messages I am referring to for one particular server, it is these messages that I do not want to forward to the Syslog server.
Regards
Richard