Disabling a Source from processing


(Arivazhagan) #1

Hi Team,

I have configured around 6 source server and the message are getting processed fine. My storage is not sufficient to store all the server’s log message so I would like to disable couple of Source servers from sending the log message to Graylog server.

Is there a way to disable the Source servers from Graylog itself? Or I have to disable from the Log4j file in the source server, and requires to restart the server which I don’t want.

Please advice.

Thanks,
Ariv


(Jan Doberstein) #2

Hej Ariv,

you could always write a processing pipeline rule to drop messages with a give source.


(Jochen) #3

This would be the preferred solution: Configure the clients so they don’t send anything in the first place and thus saving processing time and network bandwidth.

Besides dropping the messages in Graylog itself, you could also use a packet filter such as Netfilter (iptables) to reject or drop messages from certain network hosts and thus saving processing time on the side of Graylog.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.