# Allow the same object name (source, filter, destination, ...) to be defined
# more than once. With this set, syslog-ng accepts the duplicate instead of
# rejecting the configuration, and the definition that appears later takes effect.
# NOTE(review): a same-named object in another included file can therefore
# silently replace pt_siem_filter or siem_agent_udp below. Review the merged
# configuration for duplicates before relying on these definitions.
@define allow-config-dups 1
# Matches records whose program name is "audit", "audispd" or "audisp-syslog".
# f_messages and f_syslog3 reference it to keep these records out of their streams.
# NOTE(review): program() presumably does pattern matching rather than exact
# comparison, so "audit" may also match longer names. Confirm.
# NOTE(review): the program name is supplied by the sender, so this filter is a
# routing convenience, not a trust decision about where a record came from.
# NOTE(review): the SIEM log path in this file uses pt_siem_filter, which does
# not reference f_audit. Audit records reach the SIEM only if they pass that
# filter's facility/priority test.
filter f_audit {
    program("audit") or
    program("audispd") or
    program("audisp-syslog");
};
# General "messages" stream: info, notice and warning records, minus the listed
# facilities and minus anything matched by f_audit.
# level(info, notice, warn) is an explicit list of three levels, so err and
# more severe records are not selected by this filter.
# No log path in this section references f_messages; any use is elsewhere.
filter f_messages {
    level(info, notice, warn) and
    not facility(auth, authpriv, cron, daemon, mail, news) and
    not filter(f_audit);
};
# Everything except auth, authpriv and mail, minus records matched by f_debug
# and f_audit.
# NOTE(review): f_debug is not defined in this section. It has to exist
# elsewhere in the loaded configuration for this filter to resolve.
filter f_syslog3 {
    not facility(auth, authpriv, mail) and
    not filter(f_debug) and
    not filter(f_audit);
};
# Selection for the SIEM feed: any record on facility local6, or any record at
# priority info, then drop mail, lpr, news, uucp and cron.
# NOTE(review): priority(info) names a single level, not a threshold. Records at
# notice, warning, err, crit, alert or emerg are forwarded only when they arrive
# on local6. If the intent is "info and more severe", the range form is
# level(info..emerg). Confirm against what the SIEM's detection rules expect,
# in particular for auth/authpriv records logged above info.
filter pt_siem_filter {
    (facility(local6) or priority(info)) and
    not facility(mail, lpr, news, uucp, cron);
};
# Forwards records to the SIEM agent over UDP port 514.
# "XXX" in the address is a redaction placeholder. Replace it with the
# collector's real last octet before loading this configuration.
# NOTE(review): UDP syslog has no delivery acknowledgement, no encryption and no
# authentication of the receiver. Records can be dropped under load without any
# error on this host, and can be read or altered in transit. If the collector
# supports it, the network() driver with transport("tcp") or transport("tls")
# gives reliable, and with TLS protected, delivery. Otherwise keep this traffic
# on a dedicated, access-controlled network segment.
destination siem_agent_udp {
    udp(
        "172.31.114.XXX"
        port(514)
    );
};
# SIEM log path: take records from s_src, keep those passing pt_siem_filter,
# and send them to siem_agent_udp.
# s_src is not defined in this section; it must come from elsewhere in the
# loaded configuration.
# No flags() are set here, so records that match are still evaluated by the
# other log paths and local logging is not diverted by this statement.
log {
    source(s_src);
    filter(pt_siem_filter);
    destination(siem_agent_udp);
};